From 59dc83379a239d20ed04e66b650b232ed1f780aa Mon Sep 17 00:00:00 2001
From: Han Han <hhan@thousandeyes.com>
Date: Thu, 16 Aug 2018 12:41:31 -0700
Subject: openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse
 issuer

Failure to extract the issuer name from the server certificate should
return a more specific error code like on other TLS backends.
---
 lib/vtls/openssl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index a487f553c..ce890fe3c 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3210,7 +3210,7 @@ static CURLcode servercert(struct connectdata *conn,
           ossl_strerror(ERR_get_error(), error_buffer,
                         sizeof(error_buffer)) );
     BIO_free(mem);
-    return 0;
+    return CURLE_OUT_OF_MEMORY;
   }
 
   BACKEND->server_cert = SSL_get_peer_certificate(BACKEND->handle);
@@ -3257,7 +3257,7 @@ static CURLcode servercert(struct connectdata *conn,
   if(rc) {
     if(strict)
       failf(data, "SSL: couldn't get X509-issuer name!");
-    result = CURLE_SSL_CONNECT_ERROR;
+    result = CURLE_PEER_FAILED_VERIFICATION;
   }
   else {
     infof(data, " issuer: %s\n", buffer);
-- 
cgit v1.2.3