From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 19 Sep 2001 21:49:11 +0000 (+0000)
Subject: Lots of praise and glory to Vojtech Minarik for setting up a test server
X-Git-Tag: curl-7_9~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=645413f5ef041ea796c957be58e992e41377420f;p=thirdparty%2Fcurl.git

Lots of praise and glory to Vojtech Minarik for setting up a test server
and providing me with test-certificates that helped me nail the problem with
curl not discovering with a bad certificate was used.
---

diff --git a/lib/ssluse.c b/lib/ssluse.c
index 6636a9b0fe..7dfdef6213 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -200,7 +200,7 @@ int cert_stuff(struct connectdata *conn,
 
     if (SSL_CTX_use_certificate_file(conn->ssl.ctx,
 				     cert_file,
-				     SSL_FILETYPE_PEM) <= 0) {
+				     SSL_FILETYPE_PEM) != 1) {
       failf(data, "unable to set certificate file (wrong password?)\n");
       return(0);
     }
@@ -209,7 +209,7 @@ int cert_stuff(struct connectdata *conn,
 
     if (SSL_CTX_use_PrivateKey_file(conn->ssl.ctx,
 				    key_file,
-				    SSL_FILETYPE_PEM) <= 0) {
+				    SSL_FILETYPE_PEM) != 1) {
       failf(data, "unable to set public key file\n");
       return(0);
     }
@@ -612,7 +612,10 @@ Curl_SSLConnect(struct connectdata *conn)
   SSL_set_fd (conn->ssl.handle, conn->firstsocket);
   err = SSL_connect (conn->ssl.handle);
 
-  if (-1 == err) {
+  /* 1  is fine
+     0  is "not successful but was shut down controlled"
+     <0 is "handshake was not successful, because a fatal error occurred" */
+  if (err <= 0) {
     err = ERR_get_error(); 
     failf(data, "SSL: %s", ERR_error_string(err, NULL));
     return CURLE_SSL_CONNECT_ERROR;