schannel: return CURLE_PEER_FAILED_VERIFICATION for untrusted root

This matches what is returned in other TLS backends in the same situation. Reviewed-by: Jay Satiro Reviewed-by: Emil Engler Follow-up to 5a3efb1 Reported-by: iammrtau on github Fixes #6003 Closes #6018
2024-12-23 08:38:49 -05:00 · 2020-09-28 08:30:25 +02:00 · 2020-09-28 08:30:25 +02:00 · abeeffb11c
commit abeeffb11c
parent 1e3c52fba7
1 changed files with 4 additions and 0 deletions
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@ -1181,6 +1181,10 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
        failf(data, "schannel: SNI or certificate check failed: %s",
              Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer)));
        return CURLE_PEER_FAILED_VERIFICATION;
+      case SEC_E_UNTRUSTED_ROOT:
+        failf(data, "schannel: %s",
+              Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer)));
+        return CURLE_PEER_FAILED_VERIFICATION;
        /*
          case SEC_E_INVALID_HANDLE:
          case SEC_E_INVALID_TOKEN: