From dd18e714ff23d60ad43c524e290ab3e3093ba259 Mon Sep 17 00:00:00 2001
From: Gokhan Sengun
Date: Tue, 29 Feb 2000 16:49:47 +0200
Subject: OpenSSL cert: provide more details when cert check fails

curl needs to be more chatty regarding certificate verification failure during SSL handshake
---
 lib/ssluse.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/lib/ssluse.c b/lib/ssluse.c
index 8652cbd7c..a55ad3ce1 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1803,6 +1803,7 @@ ossl_connect_step2(struct connectdata *conn, int sockindex)
 256 bytes long. */
 CURLcode rc;
 const char *cert_problem = NULL;
+ long lerr;
 connssl->connecting_state = ssl_connect_2; /* the connection failed, we're not waiting for
@@ -1824,12 +1825,22 @@ ossl_connect_step2(struct connectdata *conn, int sockindex)
 SSL routines: SSL3_GET_SERVER_CERTIFICATE: certificate verify failed */
- cert_problem = "SSL certificate problem, verify that the CA cert is"
- " OK. Details:\n";
 rc = CURLE_SSL_CACERT;
+
+ lerr = SSL_get_verify_result(connssl->handle);
+ if(lerr != X509_V_OK) {
+ snprintf(error_buffer, sizeof(error_buffer),
+ "SSL certificate problem: %s",
+ X509_verify_cert_error_string(lerr));
+ }
+ else
+ cert_problem = "SSL certificate problem, verify that the CA cert is"
+ " OK.";
+
 break;
 default:
 rc = CURLE_SSL_CONNECT_ERROR;
+ SSL_strerror(errdetail, error_buffer, sizeof(error_buffer));
 break;
 }
@@ -1846,7 +1857,6 @@ ossl_connect_step2(struct connectdata *conn, int sockindex)
 }
 /* Could be a CERT problem */
- SSL_strerror(errdetail, error_buffer, sizeof(error_buffer));
 failf(data, "%s%s", cert_problem ? cert_problem : "", error_buffer);
 return rc;
 }
-- 
cgit v1.2.3
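Review bot: In the second hunk, the `else` branch of the certificate-verify case (taken when `SSL_get_verify_result()` returns `X509_V_OK`) leaves `error_buffer` unwritten, because `SSL_strerror()` now runs only under `default:` and the shared call before `failf()` is removed in the third hunk. `failf(data, "%s%s", ..., error_buffer)` then formats whatever the stack array happens to hold, so the error message can carry stray stack bytes or the read can run past the array if no NUL is present. Setting `error_buffer[0] = '\0';` in that `else` branch, or keeping the `SSL_strerror(errdetail, error_buffer, sizeof(error_buffer));` call there, closes the gap. The declaration of `error_buffer` lies above the first hunk, so this holds unless it is already initialised there; the body of `ossl_connect_step2` starts outside the hunks shown.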