schannel: return CURLE_PEER_FAILED_VERIFICATION for untrusted root

This matches what is returned in other TLS backends in the same situation. Reviewed-by: Jay Satiro Reviewed-by: Emil Engler Follow-up to 5a3efb1 Reported-by: iammrtau on github Fixes #6003 Closes #6018
author: Daniel Stenberg <daniel@haxx.se> 2020-09-28 08:30:25 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2020-09-28 10:41:51 +0200
commit: abeeffb11c996aed90ea465fa2128bfa564a1542 (patch)
tree: fa115f279e8a7334a6ee8f2735dbdba336001c30 /lib/vtls/schannel.c
parent: 1e3c52fba73a772138bd54b32fbc17568c7cce28 (diff)
download: curl-abeeffb11c996aed90ea465fa2128bfa564a1542.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index 1fe9b7b8d..c7e4e793c 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -1181,6 +1181,10 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
         failf(data, "schannel: SNI or certificate check failed: %s",
               Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer)));
         return CURLE_PEER_FAILED_VERIFICATION;
+      case SEC_E_UNTRUSTED_ROOT:
+        failf(data, "schannel: %s",
+              Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer)));
+        return CURLE_PEER_FAILED_VERIFICATION;
         /*
           case SEC_E_INVALID_HANDLE:
           case SEC_E_INVALID_TOKEN:
author	Daniel Stenberg <daniel@haxx.se>	2020-09-28 08:30:25 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2020-09-28 10:41:51 +0200
commit	abeeffb11c996aed90ea465fa2128bfa564a1542 (patch)
tree	fa115f279e8a7334a6ee8f2735dbdba336001c30 /lib/vtls/schannel.c
parent	1e3c52fba73a772138bd54b32fbc17568c7cce28 (diff)
download	curl-abeeffb11c996aed90ea465fa2128bfa564a1542.tar.gz