Unverified Commit 0029aabc authored Aug 20, 2018 by Han Han Committed by Daniel Stenberg Sep 06, 2018

x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert

CURLE_PEER_FAILED_VERIFICATION makes more sense because Curl_parseX509
does not allocate memory internally as its first argument is a pointer
to the certificate structure. The same error code is also returned by
Curl_verifyhost when its call to Curl_parseX509 fails so the change
makes error handling more consistent.

parent 59dc8337

lib/x509asn1.c

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -896,7 +896,7 @@ CURLcode Curl_extract_certinfo(struct connectdata *conn,

	/* Extract the certificate ASN.1 elements. */		/* Extract the certificate ASN.1 elements. */
	if(Curl_parseX509(&cert, beg, end))		if(Curl_parseX509(&cert, beg, end))
	return CURLE_OUT_OF_MEMORY;		return CURLE_PEER_FAILED_VERIFICATION;

	/* Subject. */		/* Subject. */
	ccp = DNtostr(&cert.subject);		ccp = DNtostr(&cert.subject);