I renamed the CURLE_SSL_PEER_CERTIFICATE error code to

CURLE_PEER_FAILED_VERIFICATION (standard CURL_NO_OLDIES style), and made the
previous SSH MD5 fingerprint check return this code when it fails.
Daniel Stenberg
2007-10-03 08:07:50 +00:00
parent 51c6a5d43b
commit ce81cd21d3
9 changed files with 26 additions and 16 deletions


@@ -1121,13 +1121,13 @@ static CURLcode verifyhost(struct connectdata *conn,
if (!peer_CN) {
failf(data,
"SSL: unable to obtain common name from peer certificate");
return CURLE_SSL_PEER_CERTIFICATE;
return CURLE_PEER_FAILED_VERIFICATION;
}
else if(!cert_hostcheck((const char *)peer_CN, conn->host.name)) {
if(data->set.ssl.verifyhost > 1) {
failf(data, "SSL: certificate subject name '%s' does not match "
"target host name '%s'", peer_CN, conn->host.dispname);
res = CURLE_SSL_PEER_CERTIFICATE;
res = CURLE_PEER_FAILED_VERIFICATION;
}
else
infof(data, "\t common name: %s (does not match '%s')\n",
@@ -1624,7 +1624,7 @@ Curl_ossl_connect_step3(struct connectdata *conn,
connssl->server_cert = SSL_get_peer_certificate(connssl->handle);
if(!connssl->server_cert) {
failf(data, "SSL: couldn't get peer certificate!");
return CURLE_SSL_PEER_CERTIFICATE;
return CURLE_PEER_FAILED_VERIFICATION;
}
infof (data, "Server certificate:\n");
@@ -1675,7 +1675,7 @@ Curl_ossl_connect_step3(struct connectdata *conn,
and we return earlyer if verifypeer is set? */
failf(data, "SSL certificate verify result: %s (%ld)",
X509_verify_cert_error_string(lerr), lerr);
retcode = CURLE_SSL_PEER_CERTIFICATE;
retcode = CURLE_PEER_FAILED_VERIFICATION;
}
else
infof(data, "SSL certificate verify result: %s (%ld),"