author | Dan Fandrich <dan@coneharvesters.com> | 2014-07-23 00:43:47 +0200 |
---|---|---|
committer | Dan Fandrich <dan@coneharvesters.com> | 2014-07-23 00:52:56 +0200 |
commit | 713f96ee0c14d231d89f52f0ad0471336c147e97 (patch) | |
tree | e4a7b28a43756c76e46474a32176f2553b5146d3 | |
parent | cc52d776dd378733997f9a0d325cb10f627e3a34 (diff) |
cyassl.c: return the correct error code on no CA cert
CyaSSL 3.0.0 returns a unique error code if no CA cert is available,
so translate that into CURLE_SSL_CACERT_BADFILE when peer verification
is requested.
-rw-r--r-- | lib/vtls/cyassl.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index cf93e0ede..9e0c80e21 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -144,7 +144,7 @@ cyassl_connect_step1(struct connectdata *conn,
 data->set.str[STRING_SSL_CAFILE],
 data->set.str[STRING_SSL_CAPATH])) {
 if(data->set.ssl.verifypeer) {
- /* Fail if we insiste on successfully verifying the server. */
+ /* Fail if we insist on successfully verifying the server. */
 failf(data,"error setting certificate verify locations:\n"
 " CAfile: %s\n CApath: %s",
 data->set.str[STRING_SSL_CAFILE]?
@@ -154,7 +154,7 @@ cyassl_connect_step1(struct connectdata *conn,
 return CURLE_SSL_CACERT_BADFILE;
 }
 else {
- /* Just continue with a warning if no strict certificate
+ /* Just continue with a warning if no strict certificate
 verification is required. */
 infof(data, "error setting certificate verify locations,"
 " continuing anyway:\n");
@@ -299,6 +299,18 @@ cyassl_connect_step2(struct connectdata *conn,
 }
 #endif
 }
+ else if(ASN_NO_SIGNER_E == detail) {
+ if(data->set.ssl.verifypeer) {
+ failf(data, "\tCA signer not available for verification\n");
+ return CURLE_SSL_CACERT_BADFILE;
+ }
+ else {
+ /* Just continue with a warning if no strict certificate
+ verification is required. */
+ infof(data, "CA signer not available for verification, "
+ "continuing anyway\n");
+ }
+ }
 else {
 failf(data, "SSL_connect failed with error %d: %s",
 detail, ERR_error_string(detail, error_buffer));
 |
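Review bot: In the third hunk, the `else` arm taken when `ASN_NO_SIGNER_E == detail` and `verifypeer` is off only calls `infof` and then leaves the error chain without a `return`, so control reaches whatever follows the chain in `cyassl_connect_step2`, which is outside this hunk. The final `else` reports `SSL_connect failed`, so this chain appears to run only after the handshake call reported an error; it is worth confirming that CyaSSL leaves a usable session in that case before the connection is treated as established. I would state the assumption at the branch, for example `/* handshake reported ASN_NO_SIGNER_E; peer is unauthenticated, proceeding only because verifypeer is off */`. Separately, the commit message ties this code to CyaSSL 3.0.0, so if older supported headers do not define `ASN_NO_SIGNER_E` the new arm would need a version guard; nothing in the hunk shows one.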