cyassl.c: return the correct error code on no CA cert

author Dan Fandrich <dan@coneharvesters.com>

Tue, 22 Jul 2014 22:43:47 +0000 (00:43 +0200)

committer Dan Fandrich <dan@coneharvesters.com>

Tue, 22 Jul 2014 22:52:56 +0000 (00:52 +0200)
author Dan Fandrich <dan@coneharvesters.com>
Tue, 22 Jul 2014 22:43:47 +0000 (00:43 +0200)
committer Dan Fandrich <dan@coneharvesters.com>
Tue, 22 Jul 2014 22:52:56 +0000 (00:52 +0200)
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c

index cf93e0ede512f758c8536415a7dee9c65eb876c5..9e0c80e21adc5cd53594c958daf7d9efbc190a82 100644 (file)
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -144,7 +144,7 @@ cyassl_connect_step1(struct connectdata *conn,
                                        data->set.str[STRING_SSL_CAFILE],
                                        data->set.str[STRING_SSL_CAPATH])) {
        if(data->set.ssl.verifypeer) {
-        /* Fail if we insiste on successfully verifying the server. */
+        /* Fail if we insist on successfully verifying the server. */
          failf(data,"error setting certificate verify locations:\n"
                "  CAfile: %s\n  CApath: %s",
                data->set.str[STRING_SSL_CAFILE]?
@@ -154,7 +154,7 @@ cyassl_connect_step1(struct connectdata *conn,
          return CURLE_SSL_CACERT_BADFILE;
        }
        else {
-        /* Just continue with a warning if no strict  certificate
+        /* Just continue with a warning if no strict certificate
             verification is required. */
          infof(data, "error setting certificate verify locations,"
                " continuing anyway:\n");
@@ -299,6 +299,18 @@ cyassl_connect_step2(struct connectdata *conn,
        }
  #endif
      }
+    else if(ASN_NO_SIGNER_E == detail) {
+      if(data->set.ssl.verifypeer) {
+        failf(data, "\tCA signer not available for verification\n");
+        return CURLE_SSL_CACERT_BADFILE;
+      }
+      else {
+        /* Just continue with a warning if no strict certificate
+           verification is required. */
+        infof(data, "CA signer not available for verification, "
+                    "continuing anyway\n");
+      }
+    }
      else {
        failf(data, "SSL_connect failed with error %d: %s", detail,
            ERR_error_string(detail, error_buffer));
author	Dan Fandrich <dan@coneharvesters.com>
	Tue, 22 Jul 2014 22:43:47 +0000 (00:43 +0200)
committer	Dan Fandrich <dan@coneharvesters.com>
	Tue, 22 Jul 2014 22:52:56 +0000 (00:52 +0200)