CURLcode: add CURLE_SSL_CLIENTCERT
When a TLS server requests a client certificate during handshake and none can be provided, libcurl now returns this new error code, CURLE_SSL_CLIENTCERT. Only supported by Secure Transport and OpenSSL for TLS 1.3 so far. Closes #6721
parent
0acfe05c2e
commit
94241a9e78
@ -262,6 +262,8 @@ be one out of several problems, see the error buffer for details.
|
|||||||
.IP "CURLE_QUIC_CONNECT_ERROR (96)"
|
.IP "CURLE_QUIC_CONNECT_ERROR (96)"
|
||||||
QUIC connection error. This error may be caused by an SSL library error. QUIC
|
QUIC connection error. This error may be caused by an SSL library error. QUIC
|
||||||
is the protocol used for HTTP/3 transfers.
|
is the protocol used for HTTP/3 transfers.
|
||||||
|
.IP "CURLE_SSL_CLIENTCERT (98)"
|
||||||
|
SSL Client Certificate required.
|
||||||
.IP "CURLE_OBSOLETE*"
|
.IP "CURLE_OBSOLETE*"
|
||||||
These error codes will never be returned. They were used in an old libcurl
|
These error codes will never be returned. They were used in an old libcurl
|
||||||
version and are currently unused.
|
version and are currently unused.
|
||||||
|
@ -126,6 +126,7 @@ CURLE_SSL_CACERT 7.10 7.62.0
|
|||||||
CURLE_SSL_CACERT_BADFILE 7.16.0
|
CURLE_SSL_CACERT_BADFILE 7.16.0
|
||||||
CURLE_SSL_CERTPROBLEM 7.10
|
CURLE_SSL_CERTPROBLEM 7.10
|
||||||
CURLE_SSL_CIPHER 7.10
|
CURLE_SSL_CIPHER 7.10
|
||||||
|
CURLE_SSL_CLIENTCERT 7.77.0
|
||||||
CURLE_SSL_CONNECT_ERROR 7.1
|
CURLE_SSL_CONNECT_ERROR 7.1
|
||||||
CURLE_SSL_CRL_BADFILE 7.19.0
|
CURLE_SSL_CRL_BADFILE 7.19.0
|
||||||
CURLE_SSL_ENGINE_INITFAILED 7.12.3
|
CURLE_SSL_ENGINE_INITFAILED 7.12.3
|
||||||
|
@ -612,6 +612,7 @@ typedef enum {
|
|||||||
CURLE_HTTP3, /* 95 - An HTTP/3 layer problem */
|
CURLE_HTTP3, /* 95 - An HTTP/3 layer problem */
|
||||||
CURLE_QUIC_CONNECT_ERROR, /* 96 - QUIC connection error */
|
CURLE_QUIC_CONNECT_ERROR, /* 96 - QUIC connection error */
|
||||||
CURLE_PROXY, /* 97 - proxy handshake error */
|
CURLE_PROXY, /* 97 - proxy handshake error */
|
||||||
|
CURLE_SSL_CLIENTCERT, /* 98 - client-side certificate required */
|
||||||
CURL_LAST /* never use! */
|
CURL_LAST /* never use! */
|
||||||
} CURLcode;
|
} CURLcode;
|
||||||
|
|
||||||
|
@ -323,6 +323,9 @@ curl_easy_strerror(CURLcode error)
|
|||||||
case CURLE_PROXY:
|
case CURLE_PROXY:
|
||||||
return "proxy handshake error";
|
return "proxy handshake error";
|
||||||
|
|
||||||
|
case CURLE_SSL_CLIENTCERT:
|
||||||
|
return "SSL Client Certificate required";
|
||||||
|
|
||||||
/* error codes not used by current libcurl */
|
/* error codes not used by current libcurl */
|
||||||
case CURLE_OBSOLETE20:
|
case CURLE_OBSOLETE20:
|
||||||
case CURLE_OBSOLETE24:
|
case CURLE_OBSOLETE24:
|
||||||
|
@ -3292,6 +3292,19 @@ static CURLcode ossl_connect_step2(struct Curl_easy *data,
|
|||||||
error_buffer */
|
error_buffer */
|
||||||
strcpy(error_buffer, "SSL certificate verification failed");
|
strcpy(error_buffer, "SSL certificate verification failed");
|
||||||
}
|
}
|
||||||
|
#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
|
||||||
|
!defined(LIBRESSL_VERSION_NUMBER) && \
|
||||||
|
!defined(OPENSSL_IS_BORINGSSL))
|
||||||
|
/* SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED is only available on
|
||||||
|
OpenSSL version above v1.1.1, not Libre SSL nor BoringSSL */
|
||||||
|
else if((lib == ERR_LIB_SSL) &&
|
||||||
|
(reason == SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED)) {
|
||||||
|
/* If client certificate is required, communicate the
|
||||||
|
error to client */
|
||||||
|
result = CURLE_SSL_CLIENTCERT;
|
||||||
|
ossl_strerror(errdetail, error_buffer, sizeof(error_buffer));
|
||||||
|
}
|
||||||
|
#endif
|
||||||
else {
|
else {
|
||||||
result = CURLE_SSL_CONNECT_ERROR;
|
result = CURLE_SSL_CONNECT_ERROR;
|
||||||
ossl_strerror(errdetail, error_buffer, sizeof(error_buffer));
|
ossl_strerror(errdetail, error_buffer, sizeof(error_buffer));
|
||||||
|
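Review bot: The new `else if` branch in ossl_connect_step2 maps only `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED` to CURLE_SSL_CLIENTCERT, and only under the `OPENSSL_VERSION_NUMBER >= 0x10101000L` guard, so a missing client certificate under TLS 1.2, LibreSSL or BoringSSL still falls through to CURLE_SSL_CONNECT_ERROR. Callers that use the code to diagnose a mutual-TLS setup should not read its absence as "no client certificate was requested", and the in-code comment could say so, e.g. `/* TLS 1.3 certificate_required alert only; other TLS versions and backends still report CURLE_SSL_CONNECT_ERROR */`. The existing comment says "above v1.1.1" while the guard also admits 1.1.1 itself, so "1.1.1 or later" would match the code. In TLS 1.3 the server may send this alert only after the client considers the handshake finished, so the same mapping may be needed on the read path, which this hunk does not show. The function body starts and ends outside the hunk.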
@ -2708,8 +2708,9 @@ sectransp_connect_step2(struct Curl_easy *data, struct connectdata *conn,
|
|||||||
#if CURL_BUILD_MAC_10_6
|
#if CURL_BUILD_MAC_10_6
|
||||||
/* Only returned when kSSLSessionOptionBreakOnCertRequested is set */
|
/* Only returned when kSSLSessionOptionBreakOnCertRequested is set */
|
||||||
case errSSLClientCertRequested:
|
case errSSLClientCertRequested:
|
||||||
failf(data, "The server has requested a client certificate");
|
failf(data, "Server requested a client certificate during the "
|
||||||
break;
|
"handshake");
|
||||||
|
return CURLE_SSL_CLIENTCERT;
|
||||||
#endif
|
#endif
|
||||||
#if CURL_BUILD_MAC_10_9
|
#if CURL_BUILD_MAC_10_9
|
||||||
/* Alias for errSSLLast, end of error range */
|
/* Alias for errSSLLast, end of error range */
|
||||||
|
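Review bot: The `errSSLClientCertRequested` case now returns CURLE_SSL_CLIENTCERT, but the comment above it says the status is only produced when kSSLSessionOptionBreakOnCertRequested is set, and the hunk does not show where that option is enabled. Extending the comment would make the dependency explicit for anyone relying on the new code, e.g. `/* Only returned when kSSLSessionOptionBreakOnCertRequested is set; otherwise this case is never reached and CURLE_SSL_CLIENTCERT is not reported from here */`. The early `return` replaces the `break` this case used before, so it is worth confirming that nothing after the switch (cleanup or logging) was relied on for this path. The switch starts and ends outside the hunk.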
@ -130,7 +130,8 @@ e94: An authentication function returned an error
|
|||||||
e95: HTTP/3 error
|
e95: HTTP/3 error
|
||||||
e96: QUIC connection error
|
e96: QUIC connection error
|
||||||
e97: proxy handshake error
|
e97: proxy handshake error
|
||||||
e98: Unknown error
|
e98: SSL Client Certificate required
|
||||||
|
e99: Unknown error
|
||||||
m-1: Please call curl_multi_perform() soon
|
m-1: Please call curl_multi_perform() soon
|
||||||
m0: No error
|
m0: No error
|
||||||
m1: Invalid multi handle
|
m1: Invalid multi handle
|
||||||
|