aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/ssluse.c16
1 files changed, 13 insertions, 3 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 8652cbd7c..a55ad3ce1 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1803,6 +1803,7 @@ ossl_connect_step2(struct connectdata *conn, int sockindex)
256 bytes long. */
CURLcode rc;
const char *cert_problem = NULL;
+ long lerr;
connssl->connecting_state = ssl_connect_2; /* the connection failed,
we're not waiting for
@@ -1824,12 +1825,22 @@ ossl_connect_step2(struct connectdata *conn, int sockindex)
SSL routines:
SSL3_GET_SERVER_CERTIFICATE:
certificate verify failed */
- cert_problem = "SSL certificate problem, verify that the CA cert is"
- " OK. Details:\n";
rc = CURLE_SSL_CACERT;
+
+ lerr = SSL_get_verify_result(connssl->handle);
+ if(lerr != X509_V_OK) {
+ snprintf(error_buffer, sizeof(error_buffer),
+ "SSL certificate problem: %s",
+ X509_verify_cert_error_string(lerr));
+ }
+ else
+ cert_problem = "SSL certificate problem, verify that the CA cert is"
+ " OK.";
+
break;
default:
rc = CURLE_SSL_CONNECT_ERROR;
+ SSL_strerror(errdetail, error_buffer, sizeof(error_buffer));
break;
}
@@ -1846,7 +1857,6 @@ ossl_connect_step2(struct connectdata *conn, int sockindex)
}
/* Could be a CERT problem */
- SSL_strerror(errdetail, error_buffer, sizeof(error_buffer));
failf(data, "%s%s", cert_problem ? cert_problem : "", error_buffer);
return rc;
}