I renamed the CURLE_SSL_PEER_CERTIFICATE error code to

CURLE_PEER_FAILED_VERIFICATION (standard CURL_NO_OLDIES style), and made this return code get used by the previous SSH MD5 fingerprint check in case it fails.
author: Daniel Stenberg <daniel@haxx.se> 2007-10-03 08:07:50 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2007-10-03 08:07:50 +0000
commit: ce81cd21d3865270867d68935c9700dbaf5b5fcc (patch)
tree: 5744d2d3f3e4873b9597b550b71ac3640147746e /lib
parent: 51c6a5d43b09835289a469165aa7a2bfb79dbdc6 (diff)
5 files changed, 12 insertions, 12 deletions
diff --git a/lib/gtls.c b/lib/gtls.c
index 8d126d005..2aeb093d0 100644
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -352,7 +352,7 @@ Curl_gtls_connect(struct connectdata *conn,
   if(!chainp) {
     if(data->set.ssl.verifyhost) {
       failf(data, "failed to get server cert");
-      return CURLE_SSL_PEER_CERTIFICATE;
+      return CURLE_PEER_FAILED_VERIFICATION;
     }
     infof(data, "\t common name: WARNING couldn't obtain\n");
   }
@@ -413,7 +413,7 @@ Curl_gtls_connect(struct connectdata *conn,
       failf(data, "SSL: certificate subject name (%s) does not match "
             "target host name '%s'", certbuf, conn->host.dispname);
       gnutls_x509_crt_deinit(x509_cert);
-      return CURLE_SSL_PEER_CERTIFICATE;
+      return CURLE_PEER_FAILED_VERIFICATION;
     }
     else
       infof(data, "\t common name: %s (does not match '%s')\n",
@@ -433,7 +433,7 @@ Curl_gtls_connect(struct connectdata *conn,
   if(clock < time(NULL)) {
     if (data->set.ssl.verifypeer) {
       failf(data, "server certificate expiration date has passed.");
-      return CURLE_SSL_PEER_CERTIFICATE;
+      return CURLE_PEER_FAILED_VERIFICATION;
     }
     else
       infof(data, "\t server certificate expiration date FAILED\n");
@@ -451,7 +451,7 @@ Curl_gtls_connect(struct connectdata *conn,
   if(clock > time(NULL)) {
     if (data->set.ssl.verifypeer) {
       failf(data, "server certificate not activated yet.");
-      return CURLE_SSL_PEER_CERTIFICATE;
+      return CURLE_PEER_FAILED_VERIFICATION;
     }
     else
       infof(data, "\t server certificate activation date FAILED\n");
diff --git a/lib/qssl.c b/lib/qssl.c
index bbff445f0..8dd8fc330 100644
--- a/lib/qssl.c
+++ b/lib/qssl.c
@@ -220,7 +220,7 @@ static CURLcode Curl_qsossl_handshake(struct connectdata * conn, int sockindex)
   case SSL_ERROR_BAD_CERTIFICATE:
   case SSL_ERROR_BAD_CERT_SIG:
   case SSL_ERROR_NOT_TRUSTED_ROOT:
-    return CURLE_SSL_PEER_CERTIFICATE;
+    return CURLE_PEER_FAILED_VERIFICATION;
 
   case SSL_ERROR_BAD_CIPHER_SUITE:
   case SSL_ERROR_NO_CIPHERS:
diff --git a/lib/ssh.c b/lib/ssh.c
index 4a9d03732..9dce09630 100644
--- a/lib/ssh.c
+++ b/lib/ssh.c
@@ -371,7 +371,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn)
                 "Remote %s is not equal to %s",
                 buf, data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5]);
           state(conn, SSH_SESSION_FREE);
-          sshc->actualCode = CURLE_FAILED_INIT;
+          sshc->actualCode = CURLE_PEER_FAILED_VERIFICATION;
           break;
         }
       }
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 55f6c8453..2ce701d06 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1121,13 +1121,13 @@ static CURLcode verifyhost(struct connectdata *conn,
     if (!peer_CN) {
       failf(data,
             "SSL: unable to obtain common name from peer certificate");
-      return CURLE_SSL_PEER_CERTIFICATE;
+      return CURLE_PEER_FAILED_VERIFICATION;
     }
     else if(!cert_hostcheck((const char *)peer_CN, conn->host.name)) {
       if(data->set.ssl.verifyhost > 1) {
         failf(data, "SSL: certificate subject name '%s' does not match "
               "target host name '%s'", peer_CN, conn->host.dispname);
-        res = CURLE_SSL_PEER_CERTIFICATE;
+        res = CURLE_PEER_FAILED_VERIFICATION;
       }
       else
         infof(data, "\t common name: %s (does not match '%s')\n",
@@ -1624,7 +1624,7 @@ Curl_ossl_connect_step3(struct connectdata *conn,
   connssl->server_cert = SSL_get_peer_certificate(connssl->handle);
   if(!connssl->server_cert) {
     failf(data, "SSL: couldn't get peer certificate!");
-    return CURLE_SSL_PEER_CERTIFICATE;
+    return CURLE_PEER_FAILED_VERIFICATION;
   }
   infof (data, "Server certificate:\n");
 
@@ -1675,7 +1675,7 @@ Curl_ossl_connect_step3(struct connectdata *conn,
            and we return earlyer if verifypeer is set? */
         failf(data, "SSL certificate verify result: %s (%ld)",
               X509_verify_cert_error_string(lerr), lerr);
-        retcode = CURLE_SSL_PEER_CERTIFICATE;
+        retcode = CURLE_PEER_FAILED_VERIFICATION;
       }
       else
         infof(data, "SSL certificate verify result: %s (%ld),"
diff --git a/lib/strerror.c b/lib/strerror.c
index 658a8cba1..94c0f8820 100644
--- a/lib/strerror.c
+++ b/lib/strerror.c
@@ -174,8 +174,8 @@ curl_easy_strerror(CURLcode error)
   case CURLE_TELNET_OPTION_SYNTAX :
     return "Malformed telnet option";
 
-  case CURLE_SSL_PEER_CERTIFICATE:
-    return "SSL peer certificate was not OK";
+  case CURLE_PEER_FAILED_VERIFICATION:
+    return "SSL peer certificate or SSH md5 fingerprint was not OK";
 
   case CURLE_GOT_NOTHING:
     return "Server returned nothing (no headers, no data)";
author	Daniel Stenberg <daniel@haxx.se>	2007-10-03 08:07:50 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2007-10-03 08:07:50 +0000
commit	ce81cd21d3865270867d68935c9700dbaf5b5fcc (patch)
tree	5744d2d3f3e4873b9597b550b71ac3640147746e /lib
parent	51c6a5d43b09835289a469165aa7a2bfb79dbdc6 (diff)