summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2012-04-06 15:10:59 +0200
committerDaniel Stenberg <daniel@haxx.se>2012-04-06 15:10:59 +0200
commit376b4d48feea9da98eda15ddf05c86729d9dc3f1 (patch)
treee142a9e3cf272b3d01afb99780ea13e639eb67db /lib
parent118e73306d142a3146356ebf24e2446a65e9fe6f (diff)
downloadcurl-376b4d48feea9da98eda15ddf05c86729d9dc3f1.tar.gz
PolarSSL: correct return code for CRL matches
When a server certificate matches one in the given CRL file, the code now returns CURLE_SSL_CACERT as test case 313 expects and verifies.
Diffstat (limited to 'lib')
-rw-r--r--lib/polarssl.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/polarssl.c b/lib/polarssl.c
index 15a3e15b5..39816baf0 100644
--- a/lib/polarssl.c
+++ b/lib/polarssl.c
@@ -291,8 +291,10 @@ polarssl_connect_step2(struct connectdata *conn,
if(ret & BADCERT_EXPIRED)
failf(data, "Cert verify failed: BADCERT_EXPIRED\n");
- if(ret & BADCERT_REVOKED)
+ if(ret & BADCERT_REVOKED) {
failf(data, "Cert verify failed: BADCERT_REVOKED");
+ return CURLE_SSL_CACERT;
+ }
if(ret & BADCERT_CN_MISMATCH)
failf(data, "Cert verify failed: BADCERT_CN_MISMATCH");