From 4e717cdb300adeff3b259b3619b29a944c2960a8 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sat, 21 Oct 2006 11:32:05 +0000
Subject: Armel Asselin separated CA cert verification problems from problems
 with reading the (local) CA cert file to let users easier pinpoint the actual
 problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code.

---
 lib/gtls.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'lib/gtls.c')

diff --git a/lib/gtls.c b/lib/gtls.c
index b202adfd4..02680d02b 100644
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -234,9 +234,12 @@ Curl_gtls_connect(struct connectdata *conn,
     rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred,
                                                 data->set.ssl.CAfile,
                                                 GNUTLS_X509_FMT_PEM);
-    if(rc < 0)
+    if(rc < 0) {
       infof(data, "error reading ca cert file %s (%s)\n",
             data->set.ssl.CAfile, gnutls_strerror(rc));
+      if (data->set.ssl.verifypeer)
+        return CURLE_SSL_CACERT_BADFILE;
+    }
     else
       infof(data, "found %d certificates in %s\n",
             rc, data->set.ssl.CAfile);
-- 
cgit v1.2.3