Loading lib/vtls/darwinssl.c +12 −12 Original line number Original line Diff line number Diff line Loading @@ -950,7 +950,7 @@ static CURLcode CopyCertSubject(struct Curl_easy *data, if(!c) { if(!c) { failf(data, "SSL: invalid CA certificate subject"); failf(data, "SSL: invalid CA certificate subject"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; } } /* If the subject is already available as UTF-8 encoded (ie 'direct') then /* If the subject is already available as UTF-8 encoded (ie 'direct') then Loading @@ -970,7 +970,7 @@ static CURLcode CopyCertSubject(struct Curl_easy *data, if(!CFStringGetCString(c, cbuf, cbuf_size, if(!CFStringGetCString(c, cbuf, cbuf_size, kCFStringEncodingUTF8)) { kCFStringEncodingUTF8)) { failf(data, "SSL: invalid CA certificate subject"); failf(data, "SSL: invalid CA certificate subject"); result = CURLE_SSL_CACERT; result = CURLE_PEER_FAILED_VERIFICATION; } } else else /* pass back the buffer */ /* pass back the buffer */ Loading Loading @@ -1649,7 +1649,7 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn, } } CFRelease(cert); CFRelease(cert); if(result == CURLE_SSL_CACERT) if(result == CURLE_PEER_FAILED_VERIFICATION) return CURLE_SSL_CERTPROBLEM; return CURLE_SSL_CERTPROBLEM; if(result) if(result) return result; return result; Loading Loading 
@@ -2429,37 +2429,37 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex) /* These are all certificate problems with the server: */ /* These are all certificate problems with the server: */ case errSSLXCertChainInvalid: case errSSLXCertChainInvalid: failf(data, "SSL certificate problem: Invalid certificate chain"); failf(data, "SSL certificate problem: Invalid certificate chain"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; case errSSLUnknownRootCert: case errSSLUnknownRootCert: failf(data, "SSL certificate problem: Untrusted root certificate"); failf(data, "SSL certificate problem: Untrusted root certificate"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; case errSSLNoRootCert: case errSSLNoRootCert: failf(data, "SSL certificate problem: No root certificate"); failf(data, "SSL certificate problem: No root certificate"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; case errSSLCertNotYetValid: case errSSLCertNotYetValid: failf(data, "SSL certificate problem: The certificate chain had a " failf(data, "SSL certificate problem: The certificate chain had a " "certificate that is not yet valid"); "certificate that is not yet valid"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; case errSSLCertExpired: case errSSLCertExpired: case errSSLPeerCertExpired: case errSSLPeerCertExpired: failf(data, "SSL certificate problem: Certificate chain had an " failf(data, "SSL certificate problem: Certificate chain had an " "expired certificate"); "expired certificate"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; case errSSLBadCert: case errSSLBadCert: case errSSLPeerBadCert: case errSSLPeerBadCert: failf(data, "SSL certificate problem: Couldn't understand the server " failf(data, "SSL certificate problem: Couldn't understand the server " "certificate format"); "certificate format"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; case 
errSSLPeerUnsupportedCert: case errSSLPeerUnsupportedCert: failf(data, "SSL certificate problem: An unsupported certificate " failf(data, "SSL certificate problem: An unsupported certificate " "format was encountered"); "format was encountered"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; case errSSLPeerCertRevoked: case errSSLPeerCertRevoked: failf(data, "SSL certificate problem: The certificate was revoked"); failf(data, "SSL certificate problem: The certificate was revoked"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; case errSSLPeerCertUnknown: case errSSLPeerCertUnknown: failf(data, "SSL certificate problem: The certificate is unknown"); failf(data, "SSL certificate problem: The certificate is unknown"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; /* These are all certificate problems with the client: */ /* These are all certificate problems with the client: */ case errSecAuthFailed: case errSecAuthFailed: Loading lib/vtls/gtls.c +1 −1 Original line number Original line Diff line number Diff line Loading @@ -1110,7 +1110,7 @@ gtls_connect_step3(struct connectdata *conn, "CRLfile: %s", SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile): "CRLfile: %s", SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile): "none", "none", SSL_SET_OPTION(CRLfile)?SSL_SET_OPTION(CRLfile):"none"); SSL_SET_OPTION(CRLfile)?SSL_SET_OPTION(CRLfile):"none"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; } } else else infof(data, "\t server certificate verification FAILED\n"); infof(data, "\t server certificate verification FAILED\n"); Loading lib/vtls/mbedtls.c +1 −1 Original line number Original line Diff line number Diff line Loading 
@@ -580,7 +580,7 @@ mbed_connect_step2(struct connectdata *conn, if(ret & MBEDTLS_X509_BADCERT_REVOKED) { if(ret & MBEDTLS_X509_BADCERT_REVOKED) { failf(data, "Cert verify failed: BADCERT_REVOKED"); failf(data, "Cert verify failed: BADCERT_REVOKED"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; } } if(ret & MBEDTLS_X509_BADCERT_CN_MISMATCH) if(ret & MBEDTLS_X509_BADCERT_CN_MISMATCH) Loading lib/vtls/nss.c +1 −1 Original line number Original line Diff line number Diff line Loading @@ -2081,7 +2081,7 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex) else if(*certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN) else if(*certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN) result = CURLE_PEER_FAILED_VERIFICATION; result = CURLE_PEER_FAILED_VERIFICATION; else if(*certverifyresult != 0) else if(*certverifyresult != 0) result = CURLE_SSL_CACERT; result = CURLE_PEER_FAILED_VERIFICATION; goto error; goto error; } } Loading lib/vtls/openssl.c +1 −1 Original line number Original line Diff line number Diff line Loading @@ -2719,7 +2719,7 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex) if((lib == ERR_LIB_SSL) && if((lib == ERR_LIB_SSL) && (reason == SSL_R_CERTIFICATE_VERIFY_FAILED)) { (reason == SSL_R_CERTIFICATE_VERIFY_FAILED)) { result = CURLE_SSL_CACERT; result = CURLE_PEER_FAILED_VERIFICATION; lerr = SSL_get_verify_result(BACKEND->handle); lerr = SSL_get_verify_result(BACKEND->handle); if(lerr != X509_V_OK) { if(lerr != X509_V_OK) { Loading Loading
lib/vtls/darwinssl.c +12 −12 Original line number Original line Diff line number Diff line Loading @@ -950,7 +950,7 @@ static CURLcode CopyCertSubject(struct Curl_easy *data, if(!c) { if(!c) { failf(data, "SSL: invalid CA certificate subject"); failf(data, "SSL: invalid CA certificate subject"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; } } /* If the subject is already available as UTF-8 encoded (ie 'direct') then /* If the subject is already available as UTF-8 encoded (ie 'direct') then Loading @@ -970,7 +970,7 @@ static CURLcode CopyCertSubject(struct Curl_easy *data, if(!CFStringGetCString(c, cbuf, cbuf_size, if(!CFStringGetCString(c, cbuf, cbuf_size, kCFStringEncodingUTF8)) { kCFStringEncodingUTF8)) { failf(data, "SSL: invalid CA certificate subject"); failf(data, "SSL: invalid CA certificate subject"); result = CURLE_SSL_CACERT; result = CURLE_PEER_FAILED_VERIFICATION; } } else else /* pass back the buffer */ /* pass back the buffer */ Loading Loading @@ -1649,7 +1649,7 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn, } } CFRelease(cert); CFRelease(cert); if(result == CURLE_SSL_CACERT) if(result == CURLE_PEER_FAILED_VERIFICATION) return CURLE_SSL_CERTPROBLEM; return CURLE_SSL_CERTPROBLEM; if(result) if(result) return result; return result; Loading Loading 
@@ -2429,37 +2429,37 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex) /* These are all certificate problems with the server: */ /* These are all certificate problems with the server: */ case errSSLXCertChainInvalid: case errSSLXCertChainInvalid: failf(data, "SSL certificate problem: Invalid certificate chain"); failf(data, "SSL certificate problem: Invalid certificate chain"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; case errSSLUnknownRootCert: case errSSLUnknownRootCert: failf(data, "SSL certificate problem: Untrusted root certificate"); failf(data, "SSL certificate problem: Untrusted root certificate"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; case errSSLNoRootCert: case errSSLNoRootCert: failf(data, "SSL certificate problem: No root certificate"); failf(data, "SSL certificate problem: No root certificate"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; case errSSLCertNotYetValid: case errSSLCertNotYetValid: failf(data, "SSL certificate problem: The certificate chain had a " failf(data, "SSL certificate problem: The certificate chain had a " "certificate that is not yet valid"); "certificate that is not yet valid"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; case errSSLCertExpired: case errSSLCertExpired: case errSSLPeerCertExpired: case errSSLPeerCertExpired: failf(data, "SSL certificate problem: Certificate chain had an " failf(data, "SSL certificate problem: Certificate chain had an " "expired certificate"); "expired certificate"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; case errSSLBadCert: case errSSLBadCert: case errSSLPeerBadCert: case errSSLPeerBadCert: failf(data, "SSL certificate problem: Couldn't understand the server " failf(data, "SSL certificate problem: Couldn't understand the server " "certificate format"); "certificate format"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; case 
errSSLPeerUnsupportedCert: case errSSLPeerUnsupportedCert: failf(data, "SSL certificate problem: An unsupported certificate " failf(data, "SSL certificate problem: An unsupported certificate " "format was encountered"); "format was encountered"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; case errSSLPeerCertRevoked: case errSSLPeerCertRevoked: failf(data, "SSL certificate problem: The certificate was revoked"); failf(data, "SSL certificate problem: The certificate was revoked"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; case errSSLPeerCertUnknown: case errSSLPeerCertUnknown: failf(data, "SSL certificate problem: The certificate is unknown"); failf(data, "SSL certificate problem: The certificate is unknown"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; /* These are all certificate problems with the client: */ /* These are all certificate problems with the client: */ case errSecAuthFailed: case errSecAuthFailed: Loading
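Review bot: In the `darwinssl_connect_step1` hunk, `if(result == CURLE_PEER_FAILED_VERIFICATION) return CURLE_SSL_CERTPROBLEM;` uses the general peer-verification code as a private signal from a helper, and nothing at the comparison says so. The two `CopyCertSubject` hunks are the visible source of that value (both log "SSL: invalid CA certificate subject"); presumably the check follows a `CopyCertSubject` call on a locally supplied certificate, but that call is outside the hunk. A comment such as `/* CopyCertSubject() reports an unreadable subject as CURLE_PEER_FAILED_VERIFICATION; for our own certificate that is a local certificate problem */` would keep someone triaging a failed handshake from reading it as a server-side verification failure. The body of `darwinssl_connect_step1` starts and ends outside the hunk.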
lib/vtls/gtls.c +1 −1 Original line number Original line Diff line number Diff line Loading @@ -1110,7 +1110,7 @@ gtls_connect_step3(struct connectdata *conn, "CRLfile: %s", SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile): "CRLfile: %s", SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile): "none", "none", SSL_SET_OPTION(CRLfile)?SSL_SET_OPTION(CRLfile):"none"); SSL_SET_OPTION(CRLfile)?SSL_SET_OPTION(CRLfile):"none"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; } } else else infof(data, "\t server certificate verification FAILED\n"); infof(data, "\t server certificate verification FAILED\n"); Loading
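Review bot: With `return CURLE_PEER_FAILED_VERIFICATION;` here, a chain that fails against the configured CAfile/CRLfile returns the same code that the nss.c section already used for `SSL_ERROR_BAD_CERT_DOMAIN`, so the return value no longer separates an untrusted chain from a name mismatch. The same holds for the mbedtls.c and openssl.c sections and for the `darwinssl_connect_step2` switch. The cause now survives only in the `failf` text, so callers and log pipelines that keyed on the old code have to read the error buffer instead; a comment at these returns, e.g. `/* return code is shared by all verification failures; the cause is in the error buffer */`, would document that. None of the visible sections touch the public header, so it is worth confirming that `CURLE_SSL_CACERT` stays defined for existing applications. `gtls_connect_step3` continues outside the hunk.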
lib/vtls/mbedtls.c +1 −1 Original line number Original line Diff line number Diff line Loading @@ -580,7 +580,7 @@ mbed_connect_step2(struct connectdata *conn, if(ret & MBEDTLS_X509_BADCERT_REVOKED) { if(ret & MBEDTLS_X509_BADCERT_REVOKED) { failf(data, "Cert verify failed: BADCERT_REVOKED"); failf(data, "Cert verify failed: BADCERT_REVOKED"); return CURLE_SSL_CACERT; return CURLE_PEER_FAILED_VERIFICATION; } } if(ret & MBEDTLS_X509_BADCERT_CN_MISMATCH) if(ret & MBEDTLS_X509_BADCERT_CN_MISMATCH) Loading
lib/vtls/nss.c +1 −1 Original line number Original line Diff line number Diff line Loading @@ -2081,7 +2081,7 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex) else if(*certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN) else if(*certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN) result = CURLE_PEER_FAILED_VERIFICATION; result = CURLE_PEER_FAILED_VERIFICATION; else if(*certverifyresult != 0) else if(*certverifyresult != 0) result = CURLE_SSL_CACERT; result = CURLE_PEER_FAILED_VERIFICATION; goto error; goto error; } } Loading
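Review bot: After this change the two visible branches assign the same value: `else if(*certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)` and `else if(*certverifyresult != 0)` both set `result = CURLE_PEER_FAILED_VERIFICATION;`. The first test is now redundant and can be folded into the second, leaving only `else if(*certverifyresult != 0)` followed by `result = CURLE_PEER_FAILED_VERIFICATION;`. If the domain-mismatch branch is kept for readability, a comment saying so would stop it from looking like a missed edit. The `if` chain starts outside the hunk, so this assumes no earlier branch depends on the ordering.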
lib/vtls/openssl.c +1 −1 Original line number Original line Diff line number Diff line Loading @@ -2719,7 +2719,7 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex) if((lib == ERR_LIB_SSL) && if((lib == ERR_LIB_SSL) && (reason == SSL_R_CERTIFICATE_VERIFY_FAILED)) { (reason == SSL_R_CERTIFICATE_VERIFY_FAILED)) { result = CURLE_SSL_CACERT; result = CURLE_PEER_FAILED_VERIFICATION; lerr = SSL_get_verify_result(BACKEND->handle); lerr = SSL_get_verify_result(BACKEND->handle); if(lerr != X509_V_OK) { if(lerr != X509_V_OK) { Loading