Commit 376b4d48 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

PolarSSL: correct return code for CRL matches 

When a server certificate matches one in the given CRL file, the code
now returns CURLE_SSL_CACERT as test case 313 expects and verifies.
parent 118e7330

lib/polarssl.c

+3 −1
Original line number Diff line number Diff line
@@ -291,8 +291,10 @@ polarssl_connect_step2(struct connectdata *conn, 
    if(ret & BADCERT_EXPIRED)

      failf(data, "Cert verify failed: BADCERT_EXPIRED\n");



    if(ret & BADCERT_REVOKED)

    if(ret & BADCERT_REVOKED) {

      failf(data, "Cert verify failed: BADCERT_REVOKED");

      return CURLE_SSL_CACERT;

    }



    if(ret & BADCERT_CN_MISMATCH)

      failf(data, "Cert verify failed: BADCERT_CN_MISMATCH");