With the recent fix of libcurl, it shall now return CURLE_SSL_CACERT when

it had problems withe CA cert and thus we offer a huge blurb of verbose
help to explain to the poor user why this happens.

1 files changed, 16 insertions, 2 deletions

diff --git a/src/main.c b/src/main.c
index 9b76423a6..15bb38c65 100644
--- a/src/main.c
+++ b/src/main.c
@@ -2966,8 +2966,22 @@ operate(struct Configurable *config, int argc, char *argv[])
         vms_show = VMSSTS_HIDE;
       }
 #else
-      if((res!=CURLE_OK) && config->showerror)
-        fprintf(config->errors, "curl: (%d) %s\n", res, errorbuffer);
+      if((res!=CURLE_OK) && config->showerror) {
+        if(CURLE_SSL_CACERT == res) {
+          fprintf(config->errors, "curl: (%d) %s\n\n", res, errorbuffer);
+#define CURL_CA_CERT_ERRORMSG \
+"More details here: http://curl.haxx.se/docs/sslcerts.html\n\n" \
+"curl does peer SSL certificate verification by default. If you\n" \
+"communicate with HTTPS servers using certificates that are signed by CAs\n" \
+"present in the bundle, you will get truly secure SSL connections.\n" \
+"Since you get this error, you probably forgot to point out a working CA\n" \
+"cert for your server, or you forgot to use the -k (or --insecure) option.\n"
+
+          fprintf(config->errors, "%s", CURL_CA_CERT_ERRORMSG);
+        }
+        else
+          fprintf(config->errors, "curl: (%d) %s\n", res, errorbuffer);
+      }
 #endif
 
       if (outfile && !curl_strequal(outfile, "-") && outs.stream)