author | Daniel Stenberg <daniel@haxx.se> | 2020-09-28 08:30:25 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2020-09-28 10:41:51 +0200 |
commit | abeeffb11c996aed90ea465fa2128bfa564a1542 (patch) | |
tree | fa115f279e8a7334a6ee8f2735dbdba336001c30 | |
parent | 1e3c52fba73a772138bd54b32fbc17568c7cce28 (diff) | |
download | curl-abeeffb11c996aed90ea465fa2128bfa564a1542.tar.gz |
schannel: return CURLE_PEER_FAILED_VERIFICATION for untrusted root
This matches what is returned in other TLS backends in the same
situation.
Reviewed-by: Jay Satiro
Reviewed-by: Emil Engler
Follow-up to 5a3efb1
Reported-by: iammrtau on github
Fixes #6003
Closes #6018
-rw-r--r-- | lib/vtls/schannel.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c index 1fe9b7b8d..c7e4e793c 100644 --- a/lib/vtls/schannel.c +++ b/lib/vtls/schannel.c @@ -1181,6 +1181,10 @@ schannel_connect_step2(struct connectdata *conn, int sockindex) failf(data, "schannel: SNI or certificate check failed: %s", Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer))); return CURLE_PEER_FAILED_VERIFICATION; + case SEC_E_UNTRUSTED_ROOT: + failf(data, "schannel: %s", + Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer))); + return CURLE_PEER_FAILED_VERIFICATION; /* case SEC_E_INVALID_HANDLE: case SEC_E_INVALID_TOKEN: |
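Review bot: In the new `case SEC_E_UNTRUSTED_ROOT:` branch the failf() format is only "schannel: %s", so the error text depends entirely on what Curl_sspi_strerror() returns, while the case directly above it prefixes its output with "SNI or certificate check failed". I would add a short prefix that names the failing step (something along the lines of "schannel: untrusted root in certificate chain: %s"), so that a user reading the log can tell this was a trust decision on the server certificate and not a generic handshake error. Two smaller points: the diffstat shows only lib/vtls/schannel.c touched, so nothing exercises the new branch, and since applications branch on the CURLcode they get back, the changed return value for this status deserves a line in the release notes or the error-code documentation.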