From 316adac511b95f0ccab565275af11dd5a62611d9 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 13 Apr 2005 12:38:01 +0000
Subject: don't bail out just because the ca file has a problem, it might be OK

---
 lib/gtls.c | 16 +++-------------
 1 file changed, 3 insertions(+), 13 deletions(-)

(limited to 'lib')

diff --git a/lib/gtls.c b/lib/gtls.c
index bc7cd27e3..0ec101ce6 100644
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -145,28 +145,18 @@ Curl_gtls_connect(struct connectdata *conn,
   /* allocate a cred struct */
   rc = gnutls_certificate_allocate_credentials(&conn->ssl[sockindex].cred);
   if(rc < 0) {
-    failf(data, "gnutls_cert_all_cred() failed: %d", rc);
+    failf(data, "gnutls_cert_all_cred() failed: %s", gnutls_strerror(rc));
     return CURLE_SSL_CONNECT_ERROR;
   }
 
   if(data->set.ssl.CAfile) {
     /* set the trusted CA cert bundle file */
-
-    /*
-     * Unfortunately, if a file name is set here and this function fails for
-     * whatever reason (missing file, bad file, etc), gnutls will no longer
-     * handshake properly but it just loops forever. Therefore, we must return
-     * error here if we get an error when setting the CA cert file name.
-     *
-     * (Question/report posted to the help-gnutls mailing list, April 8 2005)
-     */
     rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred,
                                                 data->set.ssl.CAfile,
                                                 GNUTLS_X509_FMT_PEM);
     if(rc) {
-      failf(data, "error reading the ca cert file %s",
-            data->set.ssl.CAfile);
-      return CURLE_SSL_CACERT;
+      infof(data, "error reading ca cert file %s (%s)",
+            data->set.ssl.CAfile, gnutls_strerror(rc));
     }
   }
 
-- 
cgit v1.2.3