From 59dc83379a239d20ed04e66b650b232ed1f780aa Mon Sep 17 00:00:00 2001 From: Han Han Date: Thu, 16 Aug 2018 12:41:31 -0700 Subject: openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer Failure to extract the issuer name from the server certificate should return a more specific error code like on other TLS backends. --- lib/vtls/openssl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index a487f553c..ce890fe3c 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -3210,7 +3210,7 @@ static CURLcode servercert(struct connectdata *conn, ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer)) ); BIO_free(mem); - return 0; + return CURLE_OUT_OF_MEMORY; } BACKEND->server_cert = SSL_get_peer_certificate(BACKEND->handle); @@ -3257,7 +3257,7 @@ static CURLcode servercert(struct connectdata *conn, if(rc) { if(strict) failf(data, "SSL: couldn't get X509-issuer name!"); - result = CURLE_SSL_CONNECT_ERROR; + result = CURLE_PEER_FAILED_VERIFICATION; } else { infof(data, " issuer: %s\n", buffer); -- cgit v1.2.3