Armel Asselin separated CA cert verification problems from problems with

reading the (local) CA cert file to let users more easily pinpoint the actual
problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code.
This commit is contained in:
Daniel Stenberg 2006-10-21 11:32:05 +00:00
parent 33acd6f041
commit 4e717cdb30
8 changed files with 22 additions and 6 deletions


@ -6,6 +6,11 @@
Changelog Changelog
Daniel (21 October 2006)
- Armel Asselin separated CA cert verification problems from problems with
reading the (local) CA cert file to let users easier pinpoint the actual
problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code.
Daniel (18 October 2006) Daniel (18 October 2006)
- Removed the "protocol-guessing" for URLs with host names starting with FTPS - Removed the "protocol-guessing" for URLs with host names starting with FTPS
or TELNET since they are practically non-existant. This leaves us with only or TELNET since they are practically non-existant. This leaves us with only


@ -10,7 +10,8 @@ Curl and libcurl 7.16.0
Number of contributors: 515 Number of contributors: 515
This release includes the following changes: This release includes the following changes:
o Added CURLE_SSL_CACERT_BADFILE
o Added CURLMOPT_TIMERFUNCTION o Added CURLMOPT_TIMERFUNCTION
o The CURLOPT_SOURCE_* options are removed and so are the --3p* command line o The CURLOPT_SOURCE_* options are removed and so are the --3p* command line
options options


@ -174,7 +174,7 @@ problem with the local client certificate
.IP "CURLE_SSL_CIPHER (59)" .IP "CURLE_SSL_CIPHER (59)"
couldn't use specified cipher couldn't use specified cipher
.IP "CURLE_SSL_CACERT (60)" .IP "CURLE_SSL_CACERT (60)"
problem with the CA cert (path? access rights?) peer certificate cannot be authenticated with known CA certificates
.IP "CURLE_BAD_CONTENT_ENCODING (61)" .IP "CURLE_BAD_CONTENT_ENCODING (61)"
Unrecognized transfer encoding Unrecognized transfer encoding
.IP "CURLE_LDAP_INVALID_URL (62)" .IP "CURLE_LDAP_INVALID_URL (62)"
@ -208,6 +208,8 @@ No such TFTP user
Character conversion failed Character conversion failed
.IP "CURLE_CONV_REQD (76)" .IP "CURLE_CONV_REQD (76)"
Caller must register conversion callbacks Caller must register conversion callbacks
.IP "CURLE_SSL_CACERT_BADFILE (77)"
Problem with reading the SSL CA cert (path? access rights?)
.SH "CURLMcode" .SH "CURLMcode"
This is the generic return code used by functions in the libcurl multi This is the generic return code used by functions in the libcurl multi
interface. Also consider \fIcurl_multi_strerror(3)\fP. interface. Also consider \fIcurl_multi_strerror(3)\fP.


@ -390,6 +390,8 @@ typedef enum {
CURLOPT_CONV_FROM_NETWORK_FUNCTION, CURLOPT_CONV_FROM_NETWORK_FUNCTION,
CURLOPT_CONV_TO_NETWORK_FUNCTION, and CURLOPT_CONV_TO_NETWORK_FUNCTION, and
CURLOPT_CONV_FROM_UTF8_FUNCTION */ CURLOPT_CONV_FROM_UTF8_FUNCTION */
CURLE_SSL_CACERT_BADFILE, /* 77 - could not load CACERT file, missing
or wrong format */
CURL_LAST /* never use! */ CURL_LAST /* never use! */
} CURLcode; } CURLcode;
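Review bot: The comment on the new CURLE_SSL_CACERT_BADFILE value describes the cause ("could not load CACERT file, missing or wrong format") but not the condition under which callers actually see it: in the GnuTLS and OpenSSL hunks of this same commit the code is returned only when peer verification is enabled, and with verification off the load failure appears to be logged and the connection continues. Since applications key their handling on this enum, I would state that in the header, e.g. `CURLE_SSL_CACERT_BADFILE, /* 77 - could not load CACERT file, missing or wrong format; only returned when CURLOPT_SSL_VERIFYPEER is enabled */`. Appending the value before CURL_LAST keeps the existing numeric codes stable, which is the right placement. The CURLcode enum starts outside this hunk.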


@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -234,9 +234,12 @@ Curl_gtls_connect(struct connectdata *conn,
rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred, rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred,
data->set.ssl.CAfile, data->set.ssl.CAfile,
GNUTLS_X509_FMT_PEM); GNUTLS_X509_FMT_PEM);
if(rc < 0) if(rc < 0) {
infof(data, "error reading ca cert file %s (%s)\n", infof(data, "error reading ca cert file %s (%s)\n",
data->set.ssl.CAfile, gnutls_strerror(rc)); data->set.ssl.CAfile, gnutls_strerror(rc));
if (data->set.ssl.verifypeer)
return CURLE_SSL_CACERT_BADFILE;
}
else else
infof(data, "found %d certificates in %s\n", infof(data, "found %d certificates in %s\n",
rc, data->set.ssl.CAfile); rc, data->set.ssl.CAfile);
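Review bot: The new early return only fires for `rc < 0`, so a CA file that is readable but yields no usable certificates still takes the `found %d certificates` branch with rc == 0 (as I read gnutls_certificate_set_x509_trust_file, rc is the number of certificates loaded or a negative error); with verifypeer set the handshake would then presumably fail later with the less specific CURLE_SSL_CACERT, which is exactly the ambiguity this commit sets out to remove. I would add an `else if(rc == 0 && data->set.ssl.verifypeer)` arm that logs "no certificates loaded from" the CAfile via failf and returns CURLE_SSL_CACERT_BADFILE, keeping the existing rc < 0 arm and its gnutls_strerror message unchanged. As a point of style, the `if` arm now has braces while the `else` arm does not, and `if (data->set.ssl.verifypeer)` uses a space where the surrounding code writes `if(rc < 0)`; brace both arms and match the file's spacing. Curl_gtls_connect begins before this hunk and continues after it.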


@ -1272,7 +1272,7 @@ Curl_ossl_connect_step1(struct connectdata *conn,
" CAfile: %s\n CApath: %s\n", " CAfile: %s\n CApath: %s\n",
data->set.ssl.CAfile ? data->set.ssl.CAfile : "none", data->set.ssl.CAfile ? data->set.ssl.CAfile : "none",
data->set.ssl.CApath ? data->set.ssl.CApath : "none"); data->set.ssl.CApath ? data->set.ssl.CApath : "none");
return CURLE_SSL_CACERT; return CURLE_SSL_CACERT_BADFILE;
} }
else { else {
/* Just continue with a warning if no strict certificate verification /* Just continue with a warning if no strict certificate verification


@ -227,6 +227,9 @@ curl_easy_strerror(CURLcode error)
return "couldn't use specified SSL cipher"; return "couldn't use specified SSL cipher";
case CURLE_SSL_CACERT: case CURLE_SSL_CACERT:
return "peer certificate cannot be authenticated with known CA certificates";
case CURLE_SSL_CACERT_BADFILE:
return "problem with the SSL CA cert (path? access rights?)"; return "problem with the SSL CA cert (path? access rights?)";
case CURLE_BAD_CONTENT_ENCODING: case CURLE_BAD_CONTENT_ENCODING:
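Review bot: The string returned for the new CURLE_SSL_CACERT_BADFILE case does not match the libcurl-errors(3) text added in this same commit ("Problem with reading the SSL CA cert (path? access rights?)"); the strerror version drops "reading", which is the word that tells the user the file itself could not be loaded rather than the peer failing verification. Suggest `return "problem with reading the SSL CA cert (path? access rights?)";` so the runtime message and the man page agree, since users grep one to find the other. The switch in curl_easy_strerror continues outside this hunk.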


@ -28,6 +28,6 @@ https://%HOSTIP:%HTTPSPORT/want/305 --cacert moooo
<protocol> <protocol>
</protocol> </protocol>
<errorcode> <errorcode>
60 77
</errorcode> </errorcode>
</verify> </verify>