aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorGokhan Sengun <gokhansengun@gmail.com>2000-02-29 16:49:47 +0200
committerDaniel Stenberg <daniel@haxx.se>2012-04-23 20:24:15 +0200
commitdd18e714ff23d60ad43c524e290ab3e3093ba259 (patch)
treef52cd466b895726c9daad15834c0a7ae4fd05da8 /lib
parentd6c449e3b4262aa29c1594d64379a8c26d9a5c38 (diff)
OpenSSL cert: provide more details when cert check fails
curl needs to be more chatty regarding certificate verification failure during SSL handshake
Diffstat (limited to 'lib')
-rw-r--r--lib/ssluse.c16
1 files changed, 13 insertions, 3 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 8652cbd7c..a55ad3ce1 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1803,6 +1803,7 @@ ossl_connect_step2(struct connectdata *conn, int sockindex)
256 bytes long. */
CURLcode rc;
const char *cert_problem = NULL;
+ long lerr;
connssl->connecting_state = ssl_connect_2; /* the connection failed,
we're not waiting for
@@ -1824,12 +1825,22 @@ ossl_connect_step2(struct connectdata *conn, int sockindex)
SSL routines:
SSL3_GET_SERVER_CERTIFICATE:
certificate verify failed */
- cert_problem = "SSL certificate problem, verify that the CA cert is"
- " OK. Details:\n";
rc = CURLE_SSL_CACERT;
+
+ lerr = SSL_get_verify_result(connssl->handle);
+ if(lerr != X509_V_OK) {
+ snprintf(error_buffer, sizeof(error_buffer),
+ "SSL certificate problem: %s",
+ X509_verify_cert_error_string(lerr));
+ }
+ else
+ cert_problem = "SSL certificate problem, verify that the CA cert is"
+ " OK.";
+
break;
default:
rc = CURLE_SSL_CONNECT_ERROR;
+ SSL_strerror(errdetail, error_buffer, sizeof(error_buffer));
break;
}
@@ -1846,7 +1857,6 @@ ossl_connect_step2(struct connectdata *conn, int sockindex)
}
/* Could be a CERT problem */
- SSL_strerror(errdetail, error_buffer, sizeof(error_buffer));
failf(data, "%s%s", cert_problem ? cert_problem : "", error_buffer);
return rc;
}