author | Gokhan Sengun <gokhansengun@gmail.com> | 2000-02-29 16:49:47 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2012-04-23 20:24:15 +0200 |
commit | dd18e714ff23d60ad43c524e290ab3e3093ba259 (patch) | |
tree | f52cd466b895726c9daad15834c0a7ae4fd05da8 /lib | |
parent | d6c449e3b4262aa29c1594d64379a8c26d9a5c38 (diff) |
OpenSSL cert: provide more details when cert check fails
curl needs to be more chatty regarding certificate verification failure
during SSL handshake
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ssluse.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c index 8652cbd7c..a55ad3ce1 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -1803,6 +1803,7 @@ ossl_connect_step2(struct connectdata *conn, int sockindex) 256 bytes long. */ CURLcode rc; const char *cert_problem = NULL; + long lerr; connssl->connecting_state = ssl_connect_2; /* the connection failed, we're not waiting for @@ -1824,12 +1825,22 @@ ossl_connect_step2(struct connectdata *conn, int sockindex) SSL routines: SSL3_GET_SERVER_CERTIFICATE: certificate verify failed */ - cert_problem = "SSL certificate problem, verify that the CA cert is" - " OK. Details:\n"; rc = CURLE_SSL_CACERT; + + lerr = SSL_get_verify_result(connssl->handle); + if(lerr != X509_V_OK) { + snprintf(error_buffer, sizeof(error_buffer), + "SSL certificate problem: %s", + X509_verify_cert_error_string(lerr)); + } + else + cert_problem = "SSL certificate problem, verify that the CA cert is" + " OK."; + break; default: rc = CURLE_SSL_CONNECT_ERROR; + SSL_strerror(errdetail, error_buffer, sizeof(error_buffer)); break; } @@ -1846,7 +1857,6 @@ ossl_connect_step2(struct connectdata *conn, int sockindex) } /* Could be a CERT problem */ - SSL_strerror(errdetail, error_buffer, sizeof(error_buffer)); failf(data, "%s%s", cert_problem ? cert_problem : "", error_buffer); return rc; } |
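Review bot: In the second hunk, the `else` branch (taken when `SSL_get_verify_result()` returns `X509_V_OK`) sets `cert_problem` but never writes `error_buffer`. The `failf(data, "%s%s", ...)` call after the switch still prints that buffer, and the third hunk removes the unconditional `SSL_strerror()` call that used to fill it. The declaration of `error_buffer` sits above the first hunk, so this is inferred, but if it has no initializer the message is built from indeterminate stack bytes with no guaranteed terminator, which can over-read or put stack contents into the error text. Either brace the `else` and add `SSL_strerror(errdetail, error_buffer, sizeof(error_buffer));` to it, or put `error_buffer[0] = '\0';` ahead of the switch so every path leaves a valid string. ossl_connect_step2 begins and ends outside these hunks, so other switch cases that are not shown may need the same check.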