aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Zitzmann <nickzman@gmail.com>2013-04-01 18:24:32 -0600
committerNick Zitzmann <nickzman@gmail.com>2013-04-01 18:24:32 -0600
commit74467f8e7837f8a58ce08725efc391b189f37466 (patch)
tree71a6b0296749cf92663fa704cd103b182ba80b8a
parentcfb7e809913aa4fc5eeec3621273c75a729459b6 (diff)
darwinssl: additional descriptive messages of SSL handshake errors
(This doesn't need to appear in the release notes.)
-rw-r--r--lib/curl_darwinssl.c14
1 files changed, 13 insertions, 1 deletions
diff --git a/lib/curl_darwinssl.c b/lib/curl_darwinssl.c
index 5340c6142..4b3149db4 100644
--- a/lib/curl_darwinssl.c
+++ b/lib/curl_darwinssl.c
@@ -995,6 +995,10 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex)
failf(data, "SSL certificate problem: Certificate chain had an "
"expired certificate");
return CURLE_SSL_CACERT;
+ case errSSLBadCert:
+ failf(data, "SSL certificate problem: Couldn't understand the server "
+ "certificate format");
+ return CURLE_SSL_CONNECT_ERROR;
/* This error is raised if the server's cert didn't match the server's
host name: */
@@ -1010,10 +1014,18 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex)
case errSSLClosedAbort:
failf(data, "Server aborted the SSL handshake");
return CURLE_SSL_CONNECT_ERROR;
- case paramErr: /* if you're getting this, it could be a cipher problem */
+ case errSSLNegotiation:
+ failf(data, "Could not negotiate an SSL cipher suite with the server");
+ return CURLE_SSL_CONNECT_ERROR;
+ /* Sometimes paramErr happens with buggy ciphers: */
+ case paramErr: case errSSLInternal:
failf(data, "Internal SSL engine error encountered during the "
"SSL handshake");
return CURLE_SSL_CONNECT_ERROR;
+ case errSSLFatalAlert:
+ failf(data, "Fatal SSL engine error encountered during the SSL "
+ "handshake");
+ return CURLE_SSL_CONNECT_ERROR;
default:
failf(data, "Unknown SSL protocol error in connection to %s:%d",
conn->host.name, err);