infof(data, " SSL certificate verification SKIPPED");
/* initialize an X.509 certificate structure. */
- gnutls_x509_crt_init(&x509_cert);
+ if(gnutls_x509_crt_init(&x509_cert)) {
+ failf(data, "failed to init gnutls x509_crt");
+ *certverifyresult = GNUTLS_E_NO_CERTIFICATE_FOUND;
+ result = CURLE_SSL_CONNECT_ERROR;
+ goto out;
+ }
- if(chain.certs)
+ if(chain.certs) {
/* convert the given DER or PEM encoded Certificate to the native
gnutls_x509_crt_t format */
- gnutls_x509_crt_import(x509_cert, chain.certs, GNUTLS_X509_FMT_DER);
+ rc = gnutls_x509_crt_import(x509_cert, chain.certs, GNUTLS_X509_FMT_DER);
+ if(rc) {
+ failf(data, "error parsing server's certificate chain");
+ *certverifyresult = GNUTLS_E_NO_CERTIFICATE_FOUND;
+ result = CURLE_SSL_CONNECT_ERROR;
+ goto out;
+ }
+ }
/* Check for time-based validity */
certclock = gnutls_x509_crt_get_expiration_time(x509_cert);
if(config->issuercert) {
gnutls_datum_t issuerp;
- gnutls_x509_crt_init(&x509_issuer);
+ if(gnutls_x509_crt_init(&x509_issuer)) {
+ failf(data, "failed to init gnutls x509_crt for issuer");
+ result = CURLE_SSL_ISSUER_ERROR;
+ goto out;
+ }
issuerp = load_file(config->issuercert);
- gnutls_x509_crt_import(x509_issuer, &issuerp, GNUTLS_X509_FMT_PEM);
- rc = (int)gnutls_x509_crt_check_issuer(x509_cert, x509_issuer);
+ rc = gnutls_x509_crt_import(x509_issuer, &issuerp, GNUTLS_X509_FMT_PEM);
+ if(!rc)
+ rc = (int)gnutls_x509_crt_check_issuer(x509_cert, x509_issuer);
unload_file(issuerp);
if(rc <= 0) {
failf(data, "server certificate issuer check failed (IssuerCert: %s)",
projects / thirdparty / curl.git / commitdiff
