From 8e176a7c799749af50df057c1bf63f1a6afb7dd5 Mon Sep 17 00:00:00 2001
From: Gaurav Malhotra <malhotrag@gmail.com>
Date: Wed, 7 Sep 2016 00:39:35 +0530
Subject: openssl: fix CURLINFO_SSL_VERIFYRESULT

CURLINFO_SSL_VERIFYRESULT does not get the certificate verification
result when SSL_connect fails because of a certificate verification
error.

This fix saves the result of SSL_get_verify_result so that it is
returned by CURLINFO_SSL_VERIFYRESULT.

Closes https://github.com/curl/curl/pull/995
---
 lib/vtls/openssl.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lib/vtls/openssl.c')

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index d645b037f..0a3e6a3be 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -2188,6 +2188,7 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex)
 
         lerr = SSL_get_verify_result(connssl->handle);
         if(lerr != X509_V_OK) {
+          data->set.ssl.certverifyresult = lerr;
           snprintf(error_buffer, sizeof(error_buffer),
                    "SSL certificate problem: %s",
                    X509_verify_cert_error_string(lerr));
-- 
cgit v1.2.3