summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2020-09-28 08:30:25 +0200
committerDaniel Stenberg <daniel@haxx.se>2020-09-28 10:41:51 +0200
commitabeeffb11c996aed90ea465fa2128bfa564a1542 (patch)
treefa115f279e8a7334a6ee8f2735dbdba336001c30
parent1e3c52fba73a772138bd54b32fbc17568c7cce28 (diff)
downloadcurl-abeeffb11c996aed90ea465fa2128bfa564a1542.tar.gz
schannel: return CURLE_PEER_FAILED_VERIFICATION for untrusted root
This matches what is returned in other TLS backends in the same situation. Reviewed-by: Jay Satiro Reviewed-by: Emil Engler Follow-up to 5a3efb1 Reported-by: iammrtau on github Fixes #6003 Closes #6018
-rw-r--r--lib/vtls/schannel.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index 1fe9b7b8d..c7e4e793c 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -1181,6 +1181,10 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
failf(data, "schannel: SNI or certificate check failed: %s",
Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer)));
return CURLE_PEER_FAILED_VERIFICATION;
+ case SEC_E_UNTRUSTED_ROOT:
+ failf(data, "schannel: %s",
+ Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer)));
+ return CURLE_PEER_FAILED_VERIFICATION;
/*
case SEC_E_INVALID_HANDLE:
case SEC_E_INVALID_TOKEN: