Unverified Commit 59dc8337 authored by Han Han's avatar Han Han Committed by Daniel Stenberg
Browse files

openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer 

Failure to extract the issuer name from the server certificate should
return a more specific error code like on other TLS backends.
parent 5a3efb1d

lib/vtls/openssl.c

+2 −2
Original line number Diff line number Diff line
@@ -3210,7 +3210,7 @@ static CURLcode servercert(struct connectdata *conn, 
          ossl_strerror(ERR_get_error(), error_buffer,

                        sizeof(error_buffer)) );

    BIO_free(mem);

    return 0;

    return CURLE_OUT_OF_MEMORY;

  }



  BACKEND->server_cert = SSL_get_peer_certificate(BACKEND->handle);
@@ -3257,7 +3257,7 @@ static CURLcode servercert(struct connectdata *conn, 
  if(rc) {

    if(strict)

      failf(data, "SSL: couldn't get X509-issuer name!");

    result = CURLE_SSL_CONNECT_ERROR;

    result = CURLE_PEER_FAILED_VERIFICATION;

  }

  else {

    infof(data, " issuer: %s\n", buffer);