aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2005-04-13 12:38:01 +0000
committerDaniel Stenberg <daniel@haxx.se>2005-04-13 12:38:01 +0000
commit316adac511b95f0ccab565275af11dd5a62611d9 (patch)
tree6b3f2be44f336a9f645a8ecdf5763f9cbb23bc3b
parentd7b11d4c33304f55ade30610fd855b31cb8ece71 (diff)
don't bail out just because the ca file has a problem, it might be OK
-rw-r--r--lib/gtls.c16
1 files changed, 3 insertions, 13 deletions
diff --git a/lib/gtls.c b/lib/gtls.c
index bc7cd27e3..0ec101ce6 100644
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -145,28 +145,18 @@ Curl_gtls_connect(struct connectdata *conn,
/* allocate a cred struct */
rc = gnutls_certificate_allocate_credentials(&conn->ssl[sockindex].cred);
if(rc < 0) {
- failf(data, "gnutls_cert_all_cred() failed: %d", rc);
+ failf(data, "gnutls_cert_all_cred() failed: %s", gnutls_strerror(rc));
return CURLE_SSL_CONNECT_ERROR;
}
if(data->set.ssl.CAfile) {
/* set the trusted CA cert bundle file */
-
- /*
- * Unfortunately, if a file name is set here and this function fails for
- * whatever reason (missing file, bad file, etc), gnutls will no longer
- * handshake properly but it just loops forever. Therefore, we must return
- * error here if we get an error when setting the CA cert file name.
- *
- * (Question/report posted to the help-gnutls mailing list, April 8 2005)
- */
rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred,
data->set.ssl.CAfile,
GNUTLS_X509_FMT_PEM);
if(rc) {
- failf(data, "error reading the ca cert file %s",
- data->set.ssl.CAfile);
- return CURLE_SSL_CACERT;
+ infof(data, "error reading ca cert file %s (%s)",
+ data->set.ssl.CAfile, gnutls_strerror(rc));
}
}