From 84996b0151c7b558c290c78ccec938adb104faa4 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 22 Aug 2017 09:07:11 +0200 Subject: curl: shorten and clean up CA cert verification error message The previuous message was just too long for ordinary people and it was encouraging users to use `--insecure` a little too easy. Based-on-work-by: Frank Denis in #1810 --- src/tool_operate.c | 28 +++++++--------------------- 1 file changed, 7 insertions(+), 21 deletions(-) diff --git a/src/tool_operate.c b/src/tool_operate.c index 202aba609..fd9a13921 100644 --- a/src/tool_operate.c +++ b/src/tool_operate.c @@ -92,21 +92,12 @@ CURLcode curl_easy_perform_ev(CURL *easy); # define O_BINARY 0 #endif -#define CURL_CA_CERT_ERRORMSG1 \ - "More details here: https://curl.haxx.se/docs/sslcerts.html\n\n" \ - "curl performs SSL certificate verification by default, " \ - "using a \"bundle\"\n" \ - " of Certificate Authority (CA) public keys (CA certs). If the default\n" \ - " bundle file isn't adequate, you can specify an alternate file\n" \ - " using the --cacert option.\n" - -#define CURL_CA_CERT_ERRORMSG2 \ - "If this HTTPS server uses a certificate signed by a CA represented in\n" \ - " the bundle, the certificate verification probably failed due to a\n" \ - " problem with the certificate (it might be expired, or the name might\n" \ - " not match the domain name in the URL).\n" \ - "If you'd like to turn off curl's verification of the certificate, use\n" \ - " the -k (or --insecure) option.\n" +#define CURL_CA_CERT_ERRORMSG \ + "More details here: https://curl.haxx.se/docs/sslcerts.html\n\n" \ + "curl failed to verify the legitimacy of the server and therefore " \ + "could not\nestablish a secure connection to it. To learn more about " \ + "this situation and\nhow to fix it, please visit the web page mentioned " \ + "above.\n" static bool is_fatal_error(CURLcode code) { @@ -1784,12 +1775,7 @@ static CURLcode operate_do(struct GlobalConfig *global, fprintf(global->errors, "curl: (%d) %s\n", result, (errorbuffer[0]) ? errorbuffer : curl_easy_strerror(result)); if(result == CURLE_SSL_CACERT) - fprintf(global->errors, "%s%s%s", - CURL_CA_CERT_ERRORMSG1, CURL_CA_CERT_ERRORMSG2, - ((curlinfo->features & CURL_VERSION_HTTPS_PROXY) ? - "HTTPS-proxy has similar options --proxy-cacert " - "and --proxy-insecure.\n" : - "")); + fputs(CURL_CA_CERT_ERRORMSG, global->errors); } /* Fall through comment to 'quit_urls' label */ -- cgit v1.2.1