diff options
author | Han Han <hhan@thousandeyes.com> | 2018-08-16 12:41:31 -0700 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2018-09-06 08:27:15 +0200 |
commit | 59dc83379a239d20ed04e66b650b232ed1f780aa (patch) | |
tree | 63de37a057146205f67e3e7d3554b3749fadd9df | |
parent | 5a3efb1dba509b269953ff684f61e682fec14bf5 (diff) |
openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
Failure to extract the issuer name from the server certificate should
return a more specific error code like on other TLS backends.
-rw-r--r-- | lib/vtls/openssl.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index a487f553c..ce890fe3c 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -3210,7 +3210,7 @@ static CURLcode servercert(struct connectdata *conn, ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer)) ); BIO_free(mem); - return 0; + return CURLE_OUT_OF_MEMORY; } BACKEND->server_cert = SSL_get_peer_certificate(BACKEND->handle); @@ -3257,7 +3257,7 @@ static CURLcode servercert(struct connectdata *conn, if(rc) { if(strict) failf(data, "SSL: couldn't get X509-issuer name!"); - result = CURLE_SSL_CONNECT_ERROR; + result = CURLE_PEER_FAILED_VERIFICATION; } else { infof(data, " issuer: %s\n", buffer); |