[gnurl] 110/411: openssl: consider ALERT_CERTIFICATE_EXPIRED a failed ve
From: gnunet
Subject: [gnurl] 110/411: openssl: consider ALERT_CERTIFICATE_EXPIRED a failed verification
Date: Wed, 13 Jan 2021 01:18:45 +0100
This is an automated email from the git hooks/post-receive script.
nikita pushed a commit to branch master
in repository gnurl.
commit 6d946ad9feb7d5809f071e4da6125fed28a04be0
Author: Daniel Stenberg <daniel@haxx.se>
AuthorDate: Mon Sep 7 16:20:16 2020 +0200
openssl: consider ALERT_CERTIFICATE_EXPIRED a failed verification
If the error reason from the lib is
SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED, libcurl will return
CURLE_PEER_FAILED_VERIFICATION and not CURLE_SSL_CONNECT_ERROR.
This unifies the libcurl return code and makes libressl run test 313
(CRL testing) fine.
Closes #5934
---
lib/vtls/openssl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 5d3da8234..0a5a37384 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3285,7 +3285,8 @@ static CURLcode ossl_connect_step2(struct connectdata
*conn, int sockindex)
reason = ERR_GET_REASON(errdetail);
if((lib == ERR_LIB_SSL) &&
- (reason == SSL_R_CERTIFICATE_VERIFY_FAILED)) {
+ ((reason == SSL_R_CERTIFICATE_VERIFY_FAILED) ||
+ (reason == SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED))) {
result = CURLE_PEER_FAILED_VERIFICATION;
lerr = SSL_get_verify_result(backend->handle);
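Review bot: The added `reason == SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED` arm shares the branch that goes on to read `lerr = SSL_get_verify_result(backend->handle);`, but the two reasons do not carry the same information. `SSL_R_CERTIFICATE_VERIFY_FAILED` is raised by the local verification of the peer's chain, while an `SSL_R_SSLV3_ALERT_*` reason normally reports an alert received from the peer, so on this path the local verify result can still be `X509_V_OK`. Whatever is done with `lerr` after this point should cope with that value and not report a success-looking verification detail alongside `CURLE_PEER_FAILED_VERIFICATION`. A short comment above the condition saying why the alert is mapped here (unified return code, libressl and test 313, per the commit message) would also help the next reader, since the condition alone does not explain it.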
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.