From ce81cd21d3865270867d68935c9700dbaf5b5fcc Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Wed, 3 Oct 2007 08:07:50 +0000
Subject: I renamed the CURLE_SSL_PEER_CERTIFICATE error code to CURLE_PEER_FAILED_VERIFICATION (standard CURL_NO_OLDIES style), and made this return code get used by the previous SSH MD5 fingerprint check in case it fails.
---
 lib/gtls.c | 8 ++++----
 lib/qssl.c | 2 +-
 lib/ssh.c | 2 +-
 lib/ssluse.c | 8 ++++----
 lib/strerror.c | 4 ++--
 5 files changed, 12 insertions(+), 12 deletions(-)
(limited to 'lib')
diff --git a/lib/gtls.c b/lib/gtls.c
index 8d126d005..2aeb093d0 100644
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -352,7 +352,7 @@ Curl_gtls_connect(struct connectdata *conn,
 if(!chainp) {
 if(data->set.ssl.verifyhost) {
 failf(data, "failed to get server cert");
- return CURLE_SSL_PEER_CERTIFICATE;
+ return CURLE_PEER_FAILED_VERIFICATION;
 }
 infof(data, "\t common name: WARNING couldn't obtain\n");
 }
@@ -413,7 +413,7 @@ Curl_gtls_connect(struct connectdata *conn,
 failf(data, "SSL: certificate subject name (%s) does not match "
 "target host name '%s'", certbuf, conn->host.dispname);
 gnutls_x509_crt_deinit(x509_cert);
- return CURLE_SSL_PEER_CERTIFICATE;
+ return CURLE_PEER_FAILED_VERIFICATION;
 }
 else
 infof(data, "\t common name: %s (does not match '%s')\n",
@@ -433,7 +433,7 @@ Curl_gtls_connect(struct connectdata *conn,
 if(clock < time(NULL)) {
 if (data->set.ssl.verifypeer) {
 failf(data, "server certificate expiration date has passed.");
- return CURLE_SSL_PEER_CERTIFICATE;
+ return CURLE_PEER_FAILED_VERIFICATION;
 }
 else
 infof(data, "\t server certificate expiration date FAILED\n");
@@ -451,7 +451,7 @@ Curl_gtls_connect(struct connectdata *conn,
 if(clock > time(NULL)) {
 if (data->set.ssl.verifypeer) {
 failf(data, "server certificate not activated yet.");
- return CURLE_SSL_PEER_CERTIFICATE;
+ return CURLE_PEER_FAILED_VERIFICATION;
 }
 else
 infof(data, "\t server certificate activation date FAILED\n");
diff --git a/lib/qssl.c b/lib/qssl.c
index bbff445f0..8dd8fc330 100644
--- a/lib/qssl.c
+++ b/lib/qssl.c
@@ -220,7 +220,7 @@ static CURLcode Curl_qsossl_handshake(struct connectdata * conn, int sockindex)
 case SSL_ERROR_BAD_CERTIFICATE:
 case SSL_ERROR_BAD_CERT_SIG:
 case SSL_ERROR_NOT_TRUSTED_ROOT:
- return CURLE_SSL_PEER_CERTIFICATE;
+ return CURLE_PEER_FAILED_VERIFICATION;
 case SSL_ERROR_BAD_CIPHER_SUITE:
 case SSL_ERROR_NO_CIPHERS:
diff --git a/lib/ssh.c b/lib/ssh.c
index 4a9d03732..9dce09630 100644
--- a/lib/ssh.c
+++ b/lib/ssh.c
@@ -371,7 +371,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn)
 "Remote %s is not equal to %s", buf, data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5]);
 state(conn, SSH_SESSION_FREE);
- sshc->actualCode = CURLE_FAILED_INIT;
+ sshc->actualCode = CURLE_PEER_FAILED_VERIFICATION;
 break;
 }
 }
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 55f6c8453..2ce701d06 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1121,13 +1121,13 @@ static CURLcode verifyhost(struct connectdata *conn,
 if (!peer_CN) {
 failf(data, "SSL: unable to obtain common name from peer certificate");
- return CURLE_SSL_PEER_CERTIFICATE;
+ return CURLE_PEER_FAILED_VERIFICATION;
 }
 else if(!cert_hostcheck((const char *)peer_CN, conn->host.name)) {
 if(data->set.ssl.verifyhost > 1) {
 failf(data, "SSL: certificate subject name '%s' does not match "
 "target host name '%s'", peer_CN, conn->host.dispname);
- res = CURLE_SSL_PEER_CERTIFICATE;
+ res = CURLE_PEER_FAILED_VERIFICATION;
 }
 else
 infof(data, "\t common name: %s (does not match '%s')\n",
@@ -1624,7 +1624,7 @@ Curl_ossl_connect_step3(struct connectdata *conn,
 connssl->server_cert = SSL_get_peer_certificate(connssl->handle);
 if(!connssl->server_cert) {
 failf(data, "SSL: couldn't get peer certificate!");
- return CURLE_SSL_PEER_CERTIFICATE;
+ return CURLE_PEER_FAILED_VERIFICATION;
 }
 infof (data, "Server certificate:\n");
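Review bot: In lib/ssh.c (the ssh_statemach_act hunk at -371), the assignment that now reports a host-key fingerprint mismatch as CURLE_PEER_FAILED_VERIFICATION carries no comment explaining the choice, and applications that previously saw CURLE_FAILED_INIT for this case will now receive a different code. I would add `/* fingerprint mismatch: the peer is not the host that was pinned, report it as a verification failure */` above `sshc->actualCode = CURLE_PEER_FAILED_VERIFICATION;`. The visible lines move the state machine to SSH_SESSION_FREE before the break, so the mismatch appears to fail closed, but the comparison itself and the rest of the function are outside the hunk. Wherever the error code is documented, it is worth stating that callers should handle it like a TLS certificate failure (abort and surface it, no silent retry or fallback).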
@@ -1675,7 +1675,7 @@ Curl_ossl_connect_step3(struct connectdata *conn,
 and we return earlyer if verifypeer is set? */
 failf(data, "SSL certificate verify result: %s (%ld)", X509_verify_cert_error_string(lerr), lerr);
- retcode = CURLE_SSL_PEER_CERTIFICATE;
+ retcode = CURLE_PEER_FAILED_VERIFICATION;
 }
 else
 infof(data, "SSL certificate verify result: %s (%ld),"
diff --git a/lib/strerror.c b/lib/strerror.c
index 658a8cba1..94c0f8820 100644
--- a/lib/strerror.c
+++ b/lib/strerror.c
@@ -174,8 +174,8 @@ curl_easy_strerror(CURLcode error)
 case CURLE_TELNET_OPTION_SYNTAX :
 return "Malformed telnet option";
- case CURLE_SSL_PEER_CERTIFICATE:
- return "SSL peer certificate was not OK";
+ case CURLE_PEER_FAILED_VERIFICATION:
+ return "SSL peer certificate or SSH md5 fingerprint was not OK";
 case CURLE_GOT_NOTHING:
 return "Server returned nothing (no headers, no data)";
-- cgit v1.2.3
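Review bot: In lib/strerror.c, the new message for CURLE_PEER_FAILED_VERIFICATION writes `md5` in lower case and ties a public error string to one hash algorithm, although the code is now shared by the TLS and SSH paths. A wording such as `return "SSL peer certificate or SSH host key fingerprint was not OK";` stays accurate if the fingerprint type ever changes and names what was actually checked. Because one string now covers two protocols, the detail needed to tell them apart exists only in the failf() text set at each call site, so those messages should stay specific. curl_easy_strerror's body continues outside the hunk.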