From 202c1cc22fc3b83dff93b7181f8eb3cc1a8e4a3f Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 4 Sep 2017 00:02:29 +0200
Subject: schannel: return CURLE_SSL_CACERT on failed verification

... not *CACERT_BADFILE as it isn't really because of a bad file.

Bug: https://curl.haxx.se/mail/lib-2017-09/0002.html
Closes #1858
---
 lib/vtls/schannel.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index 473bebe21..64d180dc4 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -714,7 +714,7 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
         failf(data, "schannel: next InitializeSecurityContext failed: %s",
               Curl_sspi_strerror(conn, sspi_status));
       return sspi_status == SEC_E_UNTRUSTED_ROOT ?
-          CURLE_SSL_CACERT_BADFILE : CURLE_SSL_CONNECT_ERROR;
+          CURLE_SSL_CACERT : CURLE_SSL_CONNECT_ERROR;
     }
 
     /* check if there was additional remaining encrypted data */
-- 
cgit v1.2.1