From 376b4d48feea9da98eda15ddf05c86729d9dc3f1 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 6 Apr 2012 15:10:59 +0200
Subject: PolarSSL: correct return code for CRL matches

When a server certificate matches one in the given CRL file, the code
now returns CURLE_SSL_CACERT as test case 313 expects and verifies.
---
 lib/polarssl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/polarssl.c b/lib/polarssl.c
index 15a3e15b5..39816baf0 100644
--- a/lib/polarssl.c
+++ b/lib/polarssl.c
@@ -291,8 +291,10 @@ polarssl_connect_step2(struct connectdata *conn,
     if(ret & BADCERT_EXPIRED)
       failf(data, "Cert verify failed: BADCERT_EXPIRED\n");
 
-    if(ret & BADCERT_REVOKED)
+    if(ret & BADCERT_REVOKED) {
       failf(data, "Cert verify failed: BADCERT_REVOKED");
+      return CURLE_SSL_CACERT;
+    }
 
     if(ret & BADCERT_CN_MISMATCH)
       failf(data, "Cert verify failed: BADCERT_CN_MISMATCH");
-- 
cgit v1.2.3