authorNick Zitzmann <nickzman@gmail.com>2013-02-08 18:34:11 -0700
committerNick Zitzmann <nickzman@gmail.com>2013-02-08 18:34:11 -0700
commit7f266f1c99a9dfbc69c54911910359640bb297df (patch)
tree41c3ff5b3f3d6e5e4bbaf5da8db93db365f25992
parent5be2499e164ed017181ee7c320752cb1ffe196f5 (diff)
darwinssl: Make certificate errors less techy
Previously if a problem was found with one of the server's certificates, we'd log an OSStatus for the end user to look up. Now we explain what was wrong with the site's certificate chain. Also un-did part of the previous commit where the code wouldn't catch errSSLServerAuthCompleted if built under Leopard.
-rw-r--r--lib/curl_darwinssl.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/lib/curl_darwinssl.c b/lib/curl_darwinssl.c
index e81e7a637..d660deb2d 100644
--- a/lib/curl_darwinssl.c
+++ b/lib/curl_darwinssl.c
@@ -940,17 +940,24 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex)
ssl_connect_2_writing : ssl_connect_2_reading;
return CURLE_OK;
-#if defined(__MAC_10_6) || defined(__IPHONE_5_0)
- case errSSLServerAuthCompleted:
+ /* The below is errSSLServerAuthCompleted; it's not defined in
+ Leopard's headers */
+ case -9841:
/* the documentation says we need to call SSLHandshake() again */
return darwinssl_connect_step2(conn, sockindex);
-#endif /* defined(__MAC_10_6) || defined(__IPHONE_5_0) */
case errSSLXCertChainInvalid:
+ failf(data, "SSL certificate problem: Invalid certificate chain");
+ return CURLE_SSL_CACERT;
case errSSLUnknownRootCert:
+ failf(data, "SSL certificate problem: Untrusted root certificate");
+ return CURLE_SSL_CACERT;
case errSSLNoRootCert:
+ failf(data, "SSL certificate problem: No root certificate");
+ return CURLE_SSL_CACERT;
case errSSLCertExpired:
- failf(data, "SSL certificate problem: OSStatus %d", err);
+ failf(data, "SSL certificate problem: Certificate chain had an "
+ "expired certificate");
return CURLE_SSL_CACERT;
case errSSLHostNameMismatch: