schannel: return CURLE_PEER_FAILED_VERIFICATION for untrusted root
authorDaniel Stenberg <daniel@haxx.se>
Mon, 28 Sep 2020 06:30:25 +0000 (08:30 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Mon, 28 Sep 2020 08:41:51 +0000 (10:41 +0200)
This matches what is returned in other TLS backends in the same
situation.

Reviewed-by: Jay Satiro
Reviewed-by: Emil Engler
Follow-up to 5a3efb1
Reported-by: iammrtau on github
Fixes #6003
Closes #6018

lib/vtls/schannel.c

index 1fe9b7b8dbbf8a33838e18e087b6435534846af7..c7e4e793ccb2ee88d519ead04187fd4c10111ff1 100644 (file)
@@ -1181,6 +1181,10 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
         failf(data, "schannel: SNI or certificate check failed: %s",
               Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer)));
         return CURLE_PEER_FAILED_VERIFICATION;
+      case SEC_E_UNTRUSTED_ROOT:
+        failf(data, "schannel: %s",
+              Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer)));
+        return CURLE_PEER_FAILED_VERIFICATION;
         /*
           case SEC_E_INVALID_HANDLE:
           case SEC_E_INVALID_TOKEN:
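Review bot: The new `SEC_E_UNTRUSTED_ROOT` case singles out one certificate-validation status, and the hunk does not show how sibling statuses such as `SEC_E_CERT_EXPIRED` or `SEC_E_CERT_UNKNOWN` are handled. If those still reach the switch's default branch, they would presumably keep returning a generic connect error rather than `CURLE_PEER_FAILED_VERIFICATION`. Callers that rely on that code to tell a trust failure from a transport failure would then misclassify them, so the rest of the switch is worth checking. A short comment above the case would also record the intent, e.g. `/* chain ends in a root that is not trusted: report as a verification failure, like the other TLS backends */`. The switch and schannel_connect_step2 both begin and end outside this hunk.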