ssl: replace all internal uses of CURLE_SSL_CACERT

Closes #3291
author: Han Han <hhan@thousandeyes.com> 2018-11-19 17:48:59 -0800
committer: Daniel Stenberg <daniel@haxx.se> 2018-11-20 14:57:00 +0100
commit: 78ff4e0de3c53b026bb23a92c5c7abe3d285038e (patch)
tree: 3d823e731507e9d9efe4ce291550a2b59b616a46
parent: 89d2e95f783963778b3db45a398360b94587c295 (diff)
download: curl-78ff4e0de3c53b026bb23a92c5c7abe3d285038e.tar.gz
8 files changed, 20 insertions, 20 deletions
diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c
index e8116b8a1..bae221a3d 100644
--- a/lib/vtls/darwinssl.c
+++ b/lib/vtls/darwinssl.c
@@ -950,7 +950,7 @@ static CURLcode CopyCertSubject(struct Curl_easy *data,
 
   if(!c) {
     failf(data, "SSL: invalid CA certificate subject");
-    return CURLE_SSL_CACERT;
+    return CURLE_PEER_FAILED_VERIFICATION;
   }
 
   /* If the subject is already available as UTF-8 encoded (ie 'direct') then
@@ -970,7 +970,7 @@ static CURLcode CopyCertSubject(struct Curl_easy *data,
       if(!CFStringGetCString(c, cbuf, cbuf_size,
                              kCFStringEncodingUTF8)) {
         failf(data, "SSL: invalid CA certificate subject");
-        result = CURLE_SSL_CACERT;
+        result = CURLE_PEER_FAILED_VERIFICATION;
       }
       else
         /* pass back the buffer */
@@ -1649,7 +1649,7 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
         }
 
         CFRelease(cert);
-        if(result == CURLE_SSL_CACERT)
+        if(result == CURLE_PEER_FAILED_VERIFICATION)
           return CURLE_SSL_CERTPROBLEM;
         if(result)
           return result;
@@ -2429,37 +2429,37 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex)
       /* These are all certificate problems with the server: */
       case errSSLXCertChainInvalid:
         failf(data, "SSL certificate problem: Invalid certificate chain");
-        return CURLE_SSL_CACERT;
+        return CURLE_PEER_FAILED_VERIFICATION;
       case errSSLUnknownRootCert:
         failf(data, "SSL certificate problem: Untrusted root certificate");
-        return CURLE_SSL_CACERT;
+        return CURLE_PEER_FAILED_VERIFICATION;
       case errSSLNoRootCert:
         failf(data, "SSL certificate problem: No root certificate");
-        return CURLE_SSL_CACERT;
+        return CURLE_PEER_FAILED_VERIFICATION;
       case errSSLCertNotYetValid:
         failf(data, "SSL certificate problem: The certificate chain had a "
                     "certificate that is not yet valid");
-        return CURLE_SSL_CACERT;
+        return CURLE_PEER_FAILED_VERIFICATION;
       case errSSLCertExpired:
       case errSSLPeerCertExpired:
         failf(data, "SSL certificate problem: Certificate chain had an "
               "expired certificate");
-        return CURLE_SSL_CACERT;
+        return CURLE_PEER_FAILED_VERIFICATION;
       case errSSLBadCert:
       case errSSLPeerBadCert:
         failf(data, "SSL certificate problem: Couldn't understand the server "
               "certificate format");
-        return CURLE_SSL_CACERT;
+        return CURLE_PEER_FAILED_VERIFICATION;
       case errSSLPeerUnsupportedCert:
         failf(data, "SSL certificate problem: An unsupported certificate "
                     "format was encountered");
-        return CURLE_SSL_CACERT;
+        return CURLE_PEER_FAILED_VERIFICATION;
       case errSSLPeerCertRevoked:
         failf(data, "SSL certificate problem: The certificate was revoked");
-        return CURLE_SSL_CACERT;
+        return CURLE_PEER_FAILED_VERIFICATION;
       case errSSLPeerCertUnknown:
         failf(data, "SSL certificate problem: The certificate is unknown");
-        return CURLE_SSL_CACERT;
+        return CURLE_PEER_FAILED_VERIFICATION;
 
       /* These are all certificate problems with the client: */
       case errSecAuthFailed:
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 37662a748..84331a425 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -1110,7 +1110,7 @@ gtls_connect_step3(struct connectdata *conn,
               "CRLfile: %s", SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile):
               "none",
               SSL_SET_OPTION(CRLfile)?SSL_SET_OPTION(CRLfile):"none");
-        return CURLE_SSL_CACERT;
+        return CURLE_PEER_FAILED_VERIFICATION;
       }
       else
         infof(data, "\t server certificate verification FAILED\n");
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index c5ed8872e..6adafff8b 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -580,7 +580,7 @@ mbed_connect_step2(struct connectdata *conn,
 
     if(ret & MBEDTLS_X509_BADCERT_REVOKED) {
       failf(data, "Cert verify failed: BADCERT_REVOKED");
-      return CURLE_SSL_CACERT;
+      return CURLE_PEER_FAILED_VERIFICATION;
     }
 
     if(ret & MBEDTLS_X509_BADCERT_CN_MISMATCH)
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 427ab91aa..3da66249c 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -2081,7 +2081,7 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex)
     else if(*certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
       result = CURLE_PEER_FAILED_VERIFICATION;
     else if(*certverifyresult != 0)
-      result = CURLE_SSL_CACERT;
+      result = CURLE_PEER_FAILED_VERIFICATION;
     goto error;
   }
 
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 0e0fc0acb..2f67595f2 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -2719,7 +2719,7 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex)
 
       if((lib == ERR_LIB_SSL) &&
          (reason == SSL_R_CERTIFICATE_VERIFY_FAILED)) {
-        result = CURLE_SSL_CACERT;
+        result = CURLE_PEER_FAILED_VERIFICATION;
 
         lerr = SSL_get_verify_result(BACKEND->handle);
         if(lerr != X509_V_OK) {
diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
index 27af0ccf3..cb038ecbb 100644
--- a/lib/vtls/polarssl.c
+++ b/lib/vtls/polarssl.c
@@ -497,7 +497,7 @@ polarssl_connect_step2(struct connectdata *conn,
 
     if(ret & BADCERT_REVOKED) {
       failf(data, "Cert verify failed: BADCERT_REVOKED");
-      return CURLE_SSL_CACERT;
+      return CURLE_PEER_FAILED_VERIFICATION;
     }
 
     if(ret & BADCERT_CN_MISMATCH)
diff --git a/packages/OS400/curl.inc.in b/packages/OS400/curl.inc.in
index e916cf7ab..b13358704 100644
--- a/packages/OS400/curl.inc.in
+++ b/packages/OS400/curl.inc.in
@@ -586,7 +586,7 @@
      d  CURLE_HTTP2_STREAM...
      d                 c                   92
       *
-     d  CURLE_SSL_CACERT...
+     d  CURLE_PEER_FAILED_VERIFICATION...
      d                 c                   60
       *
       /if not defined(CURL_NO_OLDIES)
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 46ca316f9..e53a9d867 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -97,7 +97,7 @@ CURLcode curl_easy_perform_ev(CURL *easy);
 static bool is_fatal_error(CURLcode code)
 {
   switch(code) {
-  /* TODO: Should CURLE_SSL_CACERT be included as critical error ? */
+  /* TODO: Should CURLE_PEER_FAILED_VERIFICATION be a critical error? */
   case CURLE_FAILED_INIT:
   case CURLE_OUT_OF_MEMORY:
   case CURLE_UNKNOWN_OPTION:
@@ -1805,7 +1805,7 @@ static CURLcode operate_do(struct GlobalConfig *global,
         else if(result && global->showerror) {
           fprintf(global->errors, "curl: (%d) %s\n", result, (errorbuffer[0]) ?
                   errorbuffer : curl_easy_strerror(result));
-          if(result == CURLE_SSL_CACERT)
+          if(result == CURLE_PEER_FAILED_VERIFICATION)
             fputs(CURL_CA_CERT_ERRORMSG, global->errors);
         }
author	Han Han <hhan@thousandeyes.com>	2018-11-19 17:48:59 -0800
committer	Daniel Stenberg <daniel@haxx.se>	2018-11-20 14:57:00 +0100
commit	78ff4e0de3c53b026bb23a92c5c7abe3d285038e (patch)
tree	3d823e731507e9d9efe4ce291550a2b59b616a46
parent	89d2e95f783963778b3db45a398360b94587c295 (diff)
download	curl-78ff4e0de3c53b026bb23a92c5c7abe3d285038e.tar.gz