Commit 21873b52 authored by Daniel Stenberg's avatar Daniel Stenberg

Restored the SSL error codes since they were broken in the 7.10.4 release,

also now attempt to detect and return the specific CACERT error code.
parent 0aa8b828
+24 −8
@@ -900,9 +900,24 @@ Curl_SSLConnect(struct connectdata *conn)
        /* untreated error */
        char error_buffer[120]; /* OpenSSL documents that this must be at least
                                   120 bytes long. */

        detail = ERR_get_error(); /* Gets the earliest error code from the
                                     thread's error queue and removes the
                                     entry. */

        
        if(0x14090086 == detail) {
          /* 14090086:
             SSL routines:
             SSL3_GET_SERVER_CERTIFICATE:
             certificate verify failed */
          failf(data,
                "SSL certificate problem, verify that the CA cert is OK");
          return CURLE_SSL_CACERT;
        }
        else {
          /* detail is already set to the SSL error above */
          failf(data, "SSL: %s", ERR_error_string(detail, error_buffer));

          /* OpenSSL 0.9.6 and later has a function named
             ERRO_error_string_n() that takes the size of the buffer as a third
             argument, and we should possibly switch to using that one in the
@@ -910,6 +925,7 @@ Curl_SSLConnect(struct connectdata *conn)
          return CURLE_SSL_CONNECT_ERROR;
        }
      }
    }
    else
      /* we have been connected fine, get out of the connect loop */
      break;
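Review bot: The comparison `0x14090086 == detail` in the first hunk matches the whole packed OpenSSL error value, which encodes the library and the reporting function (SSL3_GET_SERVER_CERTIFICATE) as well as the reason, so a verification failure reported from any other function, or by an OpenSSL build that numbers functions differently, falls through to the generic CURLE_SSL_CONNECT_ERROR branch. The connection still fails closed either way, but callers that rely on CURLE_SSL_CACERT to tell a trust problem from a transport problem would be misled. Testing the components is sturdier: `if(ERR_GET_LIB(detail) == ERR_LIB_SSL && ERR_GET_REASON(detail) == SSL_R_CERTIFICATE_VERIFY_FAILED) {`. Curl_SSLConnect starts and ends outside the lines shown, so whether the error queue is cleared before the handshake (which decides if the earliest entry is really from this connect) cannot be confirmed from here.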