mirror of
https://github.com/moparisthebest/curl
synced 2024-12-22 16:18:48 -05:00
CURLcode: add CURLE_SSL_CLIENTCERT
When a TLS server requests a client certificate during handshake and none can be provided, libcurl now returns this new error code CURLE_SSL_CLIENTCERT Only supported by Secure Transport and OpenSSL for TLS 1.3 so far. Closes #6721
This commit is contained in:
parent
0acfe05c2e
commit
94241a9e78
@ -262,6 +262,8 @@ be one out of several problems, see the error buffer for details.
|
||||
.IP "CURLE_QUIC_CONNECT_ERROR (96)"
|
||||
QUIC connection error. This error may be caused by an SSL library error. QUIC
|
||||
is the protocol used for HTTP/3 transfers.
|
||||
.IP "CURLE_SSL_CLIENTCERT (98)"
|
||||
SSL Client Certificate required.
|
||||
.IP "CURLE_OBSOLETE*"
|
||||
These error codes will never be returned. They were used in an old libcurl
|
||||
version and are currently unused.
|
||||
|
@ -126,6 +126,7 @@ CURLE_SSL_CACERT 7.10 7.62.0
|
||||
CURLE_SSL_CACERT_BADFILE 7.16.0
|
||||
CURLE_SSL_CERTPROBLEM 7.10
|
||||
CURLE_SSL_CIPHER 7.10
|
||||
CURLE_SSL_CLIENTCERT 7.77.0
|
||||
CURLE_SSL_CONNECT_ERROR 7.1
|
||||
CURLE_SSL_CRL_BADFILE 7.19.0
|
||||
CURLE_SSL_ENGINE_INITFAILED 7.12.3
|
||||
|
@ -612,6 +612,7 @@ typedef enum {
|
||||
CURLE_HTTP3, /* 95 - An HTTP/3 layer problem */
|
||||
CURLE_QUIC_CONNECT_ERROR, /* 96 - QUIC connection error */
|
||||
CURLE_PROXY, /* 97 - proxy handshake error */
|
||||
CURLE_SSL_CLIENTCERT, /* 98 - client-side certificate required */
|
||||
CURL_LAST /* never use! */
|
||||
} CURLcode;
|
||||
|
||||
|
@ -320,9 +320,12 @@ curl_easy_strerror(CURLcode error)
|
||||
case CURLE_QUIC_CONNECT_ERROR:
|
||||
return "QUIC connection error";
|
||||
|
||||
case CURLE_PROXY:
|
||||
case CURLE_PROXY:
|
||||
return "proxy handshake error";
|
||||
|
||||
case CURLE_SSL_CLIENTCERT:
|
||||
return "SSL Client Certificate required";
|
||||
|
||||
/* error codes not used by current libcurl */
|
||||
case CURLE_OBSOLETE20:
|
||||
case CURLE_OBSOLETE24:
|
||||
|
@ -3292,6 +3292,19 @@ static CURLcode ossl_connect_step2(struct Curl_easy *data,
|
||||
error_buffer */
|
||||
strcpy(error_buffer, "SSL certificate verification failed");
|
||||
}
|
||||
#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
|
||||
!defined(LIBRESSL_VERSION_NUMBER) && \
|
||||
!defined(OPENSSL_IS_BORINGSSL))
|
||||
/* SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED is only available on
|
||||
OpenSSL version above v1.1.1, not Libre SSL nor BoringSSL */
|
||||
else if((lib == ERR_LIB_SSL) &&
|
||||
(reason == SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED)) {
|
||||
/* If client certificate is required, communicate the
|
||||
error to client */
|
||||
result = CURLE_SSL_CLIENTCERT;
|
||||
ossl_strerror(errdetail, error_buffer, sizeof(error_buffer));
|
||||
}
|
||||
#endif
|
||||
else {
|
||||
result = CURLE_SSL_CONNECT_ERROR;
|
||||
ossl_strerror(errdetail, error_buffer, sizeof(error_buffer));
|
||||
|
@ -2708,8 +2708,9 @@ sectransp_connect_step2(struct Curl_easy *data, struct connectdata *conn,
|
||||
#if CURL_BUILD_MAC_10_6
|
||||
/* Only returned when kSSLSessionOptionBreakOnCertRequested is set */
|
||||
case errSSLClientCertRequested:
|
||||
failf(data, "The server has requested a client certificate");
|
||||
break;
|
||||
failf(data, "Server requested a client certificate during the "
|
||||
"handshake");
|
||||
return CURLE_SSL_CLIENTCERT;
|
||||
#endif
|
||||
#if CURL_BUILD_MAC_10_9
|
||||
/* Alias for errSSLLast, end of error range */
|
||||
|
@ -130,7 +130,8 @@ e94: An authentication function returned an error
|
||||
e95: HTTP/3 error
|
||||
e96: QUIC connection error
|
||||
e97: proxy handshake error
|
||||
e98: Unknown error
|
||||
e98: SSL Client Certificate required
|
||||
e99: Unknown error
|
||||
m-1: Please call curl_multi_perform() soon
|
||||
m0: No error
|
||||
m1: Invalid multi handle
|
||||
|
Loading…
Reference in New Issue
Block a user