PolarSSL: correct return code for CRL matches

When a server certificate matches one in the given CRL file, the code
now returns CURLE_SSL_CACERT as test case 313 expects and verifies.

diff --git a/lib/polarssl.c b/lib/polarssl.c
index 15a3e15b5f50e0b6e2dbf71b2eb9067f672ec969..39816baf045f60d2e35e569ead69b68e3c6ad6b9 100644 (file)
--- a/lib/polarssl.c
+++ b/lib/polarssl.c
@@ -291,8 +291,10 @@ polarssl_connect_step2(struct connectdata *conn,
     if(ret & BADCERT_EXPIRED)
       failf(data, "Cert verify failed: BADCERT_EXPIRED\n");
 
-    if(ret & BADCERT_REVOKED)
+    if(ret & BADCERT_REVOKED) {
       failf(data, "Cert verify failed: BADCERT_REVOKED");
+      return CURLE_SSL_CACERT;
+    }
 
     if(ret & BADCERT_CN_MISMATCH)
       failf(data, "Cert verify failed: BADCERT_CN_MISMATCH");