From 713f96ee0c14d231d89f52f0ad0471336c147e97 Mon Sep 17 00:00:00 2001
From: Dan Fandrich
Date: Wed, 23 Jul 2014 00:43:47 +0200
Subject: cyassl.c: return the correct error code on no CA cert

CyaSSL 3.0.0 returns a unique error code if no CA cert is available, so translate that into CURLE_SSL_CACERT_BADFILE when peer verification is requested.
---
 lib/vtls/cyassl.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'lib/vtls')

diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index cf93e0ede..9e0c80e21 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -144,7 +144,7 @@ cyassl_connect_step1(struct connectdata *conn,
 data->set.str[STRING_SSL_CAFILE],
 data->set.str[STRING_SSL_CAPATH])) {
 if(data->set.ssl.verifypeer) {
- /* Fail if we insiste on successfully verifying the server. */
+ /* Fail if we insist on successfully verifying the server. */
 failf(data,"error setting certificate verify locations:\n"
 " CAfile: %s\n CApath: %s",
 data->set.str[STRING_SSL_CAFILE]?
@@ -154,7 +154,7 @@ cyassl_connect_step1(struct connectdata *conn,
 return CURLE_SSL_CACERT_BADFILE;
 }
 else {
- /* Just continue with a warning if no strict certificate
+ /* Just continue with a warning if no strict certificate
 verification is required. */
 infof(data, "error setting certificate verify locations,"
 " continuing anyway:\n");
@@ -299,6 +299,18 @@ cyassl_connect_step2(struct connectdata *conn,
 }
 #endif
 }
+ else if(ASN_NO_SIGNER_E == detail) {
+ if(data->set.ssl.verifypeer) {
+ failf(data, "\tCA signer not available for verification\n");
+ return CURLE_SSL_CACERT_BADFILE;
+ }
+ else {
+ /* Just continue with a warning if no strict certificate
+ verification is required. */
+ infof(data, "CA signer not available for verification, "
+ "continuing anyway\n");
+ }
+ }
 else {
 failf(data, "SSL_connect failed with error %d: %s", detail,
 ERR_error_string(detail, error_buffer));
-- cgit v1.2.3
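Review bot: In the new `ASN_NO_SIGNER_E` case of cyassl_connect_step2, the `else` branch (verifypeer off) only logs and then falls out of the error chain, although `detail` at this point is the error from a handshake call that did not succeed, as the final `else` ("SSL_connect failed with error ...") shows. The code that runs after this chain is outside the hunk, so it is worth confirming that the function does not advance the connection state on a handshake that never completed. The comment should also say what is being given up, for example `/* verifypeer is off: the peer certificate is not authenticated from here on */`. Separately, the new `failf()` text has a leading `\t` and a trailing `\n` that the neighbouring `failf(data, "SSL_connect failed with error %d: %s", ...)` does not; `failf(data, "CA signer not available for verification");` would match it.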