- PHP's bug report #43158 (http://bugs.php.net/bug.php?id=43158) identifies a

true bug in libcurl built with OpenSSL. It made curl_easy_getinfo() more or less always return 0 for CURLINFO_SSL_VERIFYRESULT because the function that would set it to something non-zero would return before the assign in almost all error cases. The internal variable is now set to non-zero from the start of the function only to get cleared later on if things work out fine.
2008-07-30 21:24:59 +00:00 · 2008-07-30 21:24:59 +00:00 · ae654266df
parent 03986f1b8b
commit ae654266df
3 changed files with 35 additions and 21 deletions
--- a/10
+++ b/10
@ -6,6 +6,16 @@

                                  Changelog

+Daniel Stenberg (30 Jul 2008)
+- PHP's bug report #43158 (http://bugs.php.net/bug.php?id=43158) identifies a
+  true bug in libcurl built with OpenSSL. It made curl_easy_getinfo() more or
+  less always return 0 for CURLINFO_SSL_VERIFYRESULT because the function that
+  would set it to something non-zero would return before the assign in almost
+  all error cases. The internal variable is now set to non-zero from the start
+  of the function only to get cleared later on if things work out fine.
+
+- Made the curl tool's -w option support the %{ssl_verify_result} variable
+
 Daniel Fandrich (30 Jul 2008)
 - Added test cases 1052 through 1055 to test uploading data from files
  during redirects.  Test cases 1052 and 1055 show problems (maybe the same
--- a/2
+++ b/2
@ -18,6 +18,7 @@ This release includes the following changes:
 o Now builds for the INTEGRITY operating system
 o Added CURLINFO_APPCONNECT_TIME
 o Added test selection by key word in runtests.pl
+ o the curl tool's -w option support the %{ssl_verify_result} variable

 This release includes the following bugfixes:

@ -37,6 +38,7 @@ This release includes the following bugfixes:
 o user-agent in CONNECT with non-HTTP protocols
 o CURL_READFUNC_PAUSE problems fixed
 o --use-ascii now works on Symbian OS, MS-DOS and OS/2
+ o CURLINFO_SSL_VERIFYRESULT is fixed

 This release includes the following known bugs:

--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@ -1639,6 +1639,8 @@ static CURLcode servercert(struct connectdata *conn,
  X509 *issuer;
  FILE *fp;

+  data->set.ssl.certverifyresult = !X509_V_OK;
+
  connssl->server_cert = SSL_get_peer_certificate(connssl->handle);
  if(!connssl->server_cert) {
    if(strict)
@ -1728,7 +1730,7 @@ static CURLcode servercert(struct connectdata *conn,
    if(data->set.ssl.certverifyresult != X509_V_OK) {
      if(data->set.ssl.verifypeer) {
        /* We probably never reach this, because SSL_connect() will fail
-           and we return earlyer if verifypeer is set? */
+           and we return earlier if verifypeer is set? */
        if(strict)
          failf(data, "SSL certificate verify result: %s (%ld)",
                X509_verify_cert_error_string(lerr), lerr);