author | ejanchivdorj <ejanchivdorj@tableau.com> | 2021-03-10 23:50:13 -0800 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2021-05-03 17:11:01 +0200 |
commit | 94241a9e78397a2aaf89a213e6ada61e7de7ee02 (patch) | |
tree | 20226064392759a6e5f957923d5298e26bcb66fc /lib/vtls/openssl.c | |
parent | 0acfe05c2ec01545aae7c3cfdfda91a71b1b24dc (diff) | |
CURLcode: add CURLE_SSL_CLIENTCERT
When a TLS server requests a client certificate during handshake and
none can be provided, libcurl now returns this new error code
CURLE_SSL_CLIENTCERT
Only supported by Secure Transport and OpenSSL for TLS 1.3 so far.
Closes #6721
Diffstat (limited to 'lib/vtls/openssl.c')
-rw-r--r-- | lib/vtls/openssl.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index e1c15addd..de484d563 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3292,6 +3292,19 @@ static CURLcode ossl_connect_step2(struct Curl_easy *data,
 error_buffer */
 strcpy(error_buffer, "SSL certificate verification failed");
 }
+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
+ !defined(LIBRESSL_VERSION_NUMBER) && \
+ !defined(OPENSSL_IS_BORINGSSL))
+ /* SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED is only available on
+ OpenSSL version above v1.1.1, not Libre SSL nor BoringSSL */
+ else if((lib == ERR_LIB_SSL) &&
+ (reason == SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED)) {
+ /* If client certificate is required, communicate the
+ error to client */
+ result = CURLE_SSL_CLIENTCERT;
+ ossl_strerror(errdetail, error_buffer, sizeof(error_buffer));
+ }
+#endif
 else {
 result = CURLE_SSL_CONNECT_ERROR;
 ossl_strerror(errdetail, error_buffer, sizeof(error_buffer)); |
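Review bot: The `#if` guard around the new `else if` tests the library version and fork macros rather than the one symbol the branch needs, so a build against any library that defines `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED` but fails the version test silently falls through to the generic `CURLE_SSL_CONNECT_ERROR`. A feature test is tighter and documents itself: `#ifdef SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED`. The inner comment says "communicate the error to client" without saying which client; something like `/* server sent the TLS 1.3 certificate_required alert: report CURLE_SSL_CLIENTCERT to the application */` would be clearer. Because the mapping keys on a TLS 1.3-only reason code, handshakes on older protocol versions presumably still end in one of the surrounding branches, so callers diagnosing missing mTLS credentials should not read the absence of `CURLE_SSL_CLIENTCERT` as proof that no client certificate was requested. The if/else chain and the body of `ossl_connect_step2` start and end outside this hunk.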