Armel Asselin separated CA cert verification problems from problems with (4e717cdb) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

CHANGES

+5 −0

Original line number	Diff line number	Diff line
		@@ -6,6 +6,11 @@

		Changelog

		Daniel (21 October 2006)
		- Armel Asselin separated CA cert verification problems from problems with
		reading the (local) CA cert file to let users easier pinpoint the actual
		problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code.

		Daniel (18 October 2006)
		- Removed the "protocol-guessing" for URLs with host names starting with FTPS
		or TELNET since they are practically non-existant. This leaves us with only

+2 −1

Original line number	Diff line number	Diff line
		@@ -11,6 +11,7 @@ Curl and libcurl 7.16.0

		This release includes the following changes:

		o Added CURLE_SSL_CACERT_BADFILE
		o Added CURLMOPT_TIMERFUNCTION
		o The CURLOPT_SOURCE_* options are removed and so are the --3p* command line
		options

+3 −1

Original line number	Diff line number	Diff line
		@@ -174,7 +174,7 @@ problem with the local client certificate
		.IP "CURLE_SSL_CIPHER (59)"
		couldn't use specified cipher
		.IP "CURLE_SSL_CACERT (60)"
		problem with the CA cert (path? access rights?)
		peer certificate cannot be authenticated with known CA certificates
		.IP "CURLE_BAD_CONTENT_ENCODING (61)"
		Unrecognized transfer encoding
		.IP "CURLE_LDAP_INVALID_URL (62)"
		@@ -208,6 +208,8 @@ No such TFTP user
		Character conversion failed
		.IP "CURLE_CONV_REQD (76)"
		Caller must register conversion callbacks
		.IP "CURLE_SSL_CACERT_BADFILE (77)"
		Problem with reading the SSL CA cert (path? access rights?)
		.SH "CURLMcode"
		This is the generic return code used by functions in the libcurl multi
		interface. Also consider \fIcurl_multi_strerror(3)\fP.

+2 −0

Original line number	Diff line number	Diff line
		@@ -390,6 +390,8 @@ typedef enum {
		CURLOPT_CONV_FROM_NETWORK_FUNCTION,
		CURLOPT_CONV_TO_NETWORK_FUNCTION, and
		CURLOPT_CONV_FROM_UTF8_FUNCTION */
		CURLE_SSL_CACERT_BADFILE, /* 77 - could not load CACERT file, missing
		or wrong format */
		CURL_LAST /* never use! */
		} CURLcode;

+5 −2

Original line number	Diff line number	Diff line
		@@ -5,7 +5,7 @@
		* \| (__\| \|_\| \| _ <\| \|___
		* \___\|\___/\|_\| \_\_____\|
		*
		* Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
		* Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
		*
		* This software is licensed as described in the file COPYING, which
		* you should have received as part of this distribution. The terms
		@@ -234,9 +234,12 @@ Curl_gtls_connect(struct connectdata *conn,
		rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred,
		data->set.ssl.CAfile,
		GNUTLS_X509_FMT_PEM);
		if(rc < 0)
		if(rc < 0) {
		infof(data, "error reading ca cert file %s (%s)\n",
		data->set.ssl.CAfile, gnutls_strerror(rc));
		if (data->set.ssl.verifypeer)
		return CURLE_SSL_CACERT_BADFILE;
		}
		else
		infof(data, "found %d certificates in %s\n",
		rc, data->set.ssl.CAfile);