CURLE_TLSAUTH_FAILED: removed

On second thought, I think CURLE_TLSAUTH_FAILED should be eliminated. It
was only being raised when an internal error occurred while allocating
or setting the GnuTLS SRP client credentials struct. For TLS
authentication failures, the general CURLE_SSL_CONNECT_ERROR seems
appropriate; its error string already includes "passwords" as a possible
cause. Having a separate TLS auth error code might also cause people to
think that a TLS auth failure means the wrong username or password was
entered, when it could also be a sign of a man-in-the-middle attack.

diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions
index bbd629d66ef9dd8b073024072fa49238c7a82f61..bacf5277eb4fbe0d87075c52f484357bc87e27c4 100644 (file)
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@@ -123,7 +123,6 @@ CURLE_TFTP_NOSUCHUSER           7.15.0
 CURLE_TFTP_NOTFOUND             7.15.0
 CURLE_TFTP_PERM                 7.15.0
 CURLE_TFTP_UNKNOWNID            7.15.0
-CURLE_TLSAUTH_FAILED            7.21.4
 CURLE_TOO_MANY_REDIRECTS        7.5
 CURLE_UNKNOWN_TELNET_OPTION     7.7
 CURLE_UNSUPPORTED_PROTOCOL      7.1

diff --git a/include/curl/curl.h b/include/curl/curl.h
index bf6542076ef9a2f146a66bc40bdd97c2c9397867..4744f48305a1b8a3fa8f9f7cc8866091ca9eac3e 100644 (file)
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -502,7 +502,6 @@ typedef enum {
   CURLE_RTSP_SESSION_ERROR,      /* 86 - mismatch of RTSP Session Identifiers */
   CURLE_FTP_BAD_FILE_LIST,       /* 87 - unable to parse FTP file list */
   CURLE_CHUNK_FAILED,            /* 88 - chunk callback reported error */
-  CURLE_TLSAUTH_FAILED,          /* 89 - Failed TLS authentication */
 
   CURL_LAST /* never use! */
 } CURLcode;

diff --git a/lib/gtls.c b/lib/gtls.c
index 89174edf25f14364f6f95bc12e2bdbb806b97744..71ceb34d9764b60c0f9d40bc1c9614c8811a75ad 100644 (file)
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -354,7 +354,7 @@ gtls_connect_step1(struct connectdata *conn,
     if(rc != GNUTLS_E_SUCCESS) {
       failf(data, "gnutls_srp_allocate_client_cred() failed: %s",
             gnutls_strerror(rc));
-      return CURLE_TLSAUTH_FAILED;
+      return CURLE_OUT_OF_MEMORY;
     }
 
     rc = gnutls_srp_set_client_credentials(conn->ssl[sockindex].srp_client_cred,
@@ -363,7 +363,7 @@ gtls_connect_step1(struct connectdata *conn,
     if(rc != GNUTLS_E_SUCCESS) {
       failf(data, "gnutls_srp_set_client_cred() failed: %s",
             gnutls_strerror(rc));
-      return CURLE_TLSAUTH_FAILED;
+      return CURLE_BAD_FUNCTION_ARGUMENT;
     }
   }
 #endif

diff --git a/lib/strerror.c b/lib/strerror.c
index 6b67a87775483db1a4260b753f9361f2c5d498f2..a88cdc4eb65e526944289c3e571080f350826c16 100644 (file)
--- a/lib/strerror.c
+++ b/lib/strerror.c
@@ -281,9 +281,6 @@ curl_easy_strerror(CURLcode error)
   case CURLE_CHUNK_FAILED:
     return "Chunk callback failed";
 
-  case CURLE_TLSAUTH_FAILED:
-    return "TLS Authentication failed";
-
     /* error codes not used by current libcurl */
   case CURLE_OBSOLETE4:
   case CURLE_OBSOLETE10: