Commit 713f96ee authored by Dan Fandrich's avatar Dan Fandrich

cyassl.c: return the correct error code on no CA cert

CyaSSL 3.0.0 returns a unique error code if no CA cert is available,
so translate that into CURLE_SSL_CACERT_BADFILE when peer verification
is requested.
parent cc52d776
+14 −2
@@ -144,7 +144,7 @@ cyassl_connect_step1(struct connectdata *conn,
                                      data->set.str[STRING_SSL_CAFILE],
                                      data->set.str[STRING_SSL_CAPATH])) {
      if(data->set.ssl.verifypeer) {
        /* Fail if we insiste on successfully verifying the server. */
        /* Fail if we insist on successfully verifying the server. */
        failf(data,"error setting certificate verify locations:\n"
              "  CAfile: %s\n  CApath: %s",
              data->set.str[STRING_SSL_CAFILE]?
@@ -299,6 +299,18 @@ cyassl_connect_step2(struct connectdata *conn,
      }
#endif
    }
    else if(ASN_NO_SIGNER_E == detail) {
      if(data->set.ssl.verifypeer) {
        failf(data, "\tCA signer not available for verification\n");
        return CURLE_SSL_CACERT_BADFILE;
      }
      else {
        /* Just continue with a warning if no strict certificate
           verification is required. */
        infof(data, "CA signer not available for verification, "
                    "continuing anyway\n");
      }
    }
    else {
      failf(data, "SSL_connect failed with error %d: %s", detail,
          ERR_error_string(detail, error_buffer));
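Review bot: In the new `ASN_NO_SIGNER_E` branch of cyassl_connect_step2, the arm taken when `data->set.ssl.verifypeer` is off only calls `infof` and then leaves the if/else chain, although this chain appears to run only after the handshake call reported an error (the final `else` logs "SSL_connect failed"). Whether the connection is really usable at that point depends on code after the hunk, which is not visible here, so the existing comment should say so, for example `/* No CA signer and verifypeer is off: the peer is unauthenticated from here on; the code below must still see a completed handshake. */`. The commit message ties this error code to CyaSSL 3.0.0, yet the branch is compiled unconditionally; if older CyaSSL releases are still supported, confirm that `ASN_NO_SIGNER_E` is declared there or put the branch behind a version check. As a style point, the new `failf` text starts with `\t` and ends with `\n`, unlike the `failf` in the final `else`; `failf(data, "CA signer not available for verification");` would match it.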