aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHan Han <hhan@thousandeyes.com>2018-08-16 12:41:31 -0700
committerDaniel Stenberg <daniel@haxx.se>2018-09-06 08:27:15 +0200
commit59dc83379a239d20ed04e66b650b232ed1f780aa (patch)
tree63de37a057146205f67e3e7d3554b3749fadd9df
parent5a3efb1dba509b269953ff684f61e682fec14bf5 (diff)
openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
Failure to extract the issuer name from the server certificate should return a more specific error code like on other TLS backends.
-rw-r--r--lib/vtls/openssl.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index a487f553c..ce890fe3c 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3210,7 +3210,7 @@ static CURLcode servercert(struct connectdata *conn,
ossl_strerror(ERR_get_error(), error_buffer,
sizeof(error_buffer)) );
BIO_free(mem);
- return 0;
+ return CURLE_OUT_OF_MEMORY;
}
BACKEND->server_cert = SSL_get_peer_certificate(BACKEND->handle);
@@ -3257,7 +3257,7 @@ static CURLcode servercert(struct connectdata *conn,
if(rc) {
if(strict)
failf(data, "SSL: couldn't get X509-issuer name!");
- result = CURLE_SSL_CONNECT_ERROR;
+ result = CURLE_PEER_FAILED_VERIFICATION;
}
else {
infof(data, " issuer: %s\n", buffer);