author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-08-27 22:12:55 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-08-27 22:33:36 +0200 |
commit | 4b6003734006fd7e63812ba03eeefbb1525dc060 (patch) | |
tree | e4a8c44eb4b30685529a777e796a791c76a90301 /lib | |
parent | 5bc2123885d38bad739cd47b614e92eb3be95e96 (diff) | |
download | gnutls-4b6003734006fd7e63812ba03eeefbb1525dc060.tar.gz |
Introduced GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR to be returned by the auto-verification functions
Diffstat (limited to 'lib')
-rw-r--r-- | lib/alert.c | 1 | ||||
-rw-r--r-- | lib/auto-verify.c | 10 | ||||
-rw-r--r-- | lib/errors.c | 2 | ||||
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 1 |
4 files changed, 9 insertions, 5 deletions
diff --git a/lib/alert.c b/lib/alert.c
index f0c4af8eff..34f253b002 100644
--- a/lib/alert.c
+++ b/lib/alert.c
@@ -226,6 +226,7 @@ int gnutls_error_to_alert(int err, int *level)
 case GNUTLS_E_ASN1_SYNTAX_ERROR:
 case GNUTLS_E_ASN1_DER_OVERFLOW:
 case GNUTLS_E_CERTIFICATE_ERROR:
+ case GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR:
 ret = GNUTLS_A_BAD_CERTIFICATE;
 _level = GNUTLS_AL_FATAL;
 break;
diff --git a/lib/auto-verify.c b/lib/auto-verify.c
index 6445a410b2..45695fc959 100644
--- a/lib/auto-verify.c
+++ b/lib/auto-verify.c
@@ -47,7 +47,7 @@ static int auto_verify_cb(gnutls_session_t session)
 session->internals.vc_status = status;
 if (status != 0) /* Certificate is not trusted */
- return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR);
+ return gnutls_assert_val(GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR);
 /* notify gnutls to continue handshake normally */
 return 0;
@@ -61,8 +61,8 @@ static int auto_verify_cb(gnutls_session_t session)
 *
 * This function instructs GnuTLS to verify the peer's certificate
 * using the provided hostname. If the verification fails the handshake
- * will also fail. The verification result can be obtained using
- * gnutls_session_get_verify_cert_status().
+ * will also fail with %GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR. In that
+ * case the verification result can be obtained using gnutls_session_get_verify_cert_status().
 *
 * The @hostname pointer provided must remain valid for the lifetime
 * of the session. More precisely it should be available during any subsequent
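Review bot: In the first lib/auto-verify.c hunk, `auto_verify_cb` now returns the new code where it used to return `GNUTLS_E_CERTIFICATE_ERROR`, so a caller that compares the handshake result with the old constant to recognise a failed peer verification will no longer match. The handshake still fails, so the change stays fail-closed, but such a caller silently loses the branch where it reads `gnutls_session_get_verify_cert_status()` to report why the certificate was rejected. The reworded doc comments in the two later hunks name the new code without saying that it replaces the old one; I would add a line such as `* Earlier releases returned %GNUTLS_E_CERTIFICATE_ERROR here; check for both if older versions must be supported.` The body of `auto_verify_cb` starts above the hunk, so how `status` is computed is not visible here.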
@@ -102,8 +102,8 @@ void gnutls_session_auto_verify_cert(gnutls_session_t session,
 *
 * This function instructs GnuTLS to verify the peer's certificate
 * using the provided typed data information. If the verification fails the handshake
- * will also fail. The verification result can be obtained using
- * gnutls_session_get_verify_cert_status().
+ * will also fail with %GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR. In that
+ * case the verification result can be obtained using gnutls_session_get_verify_cert_status().
 *
 * The acceptable typed data are the same as in gnutls_certificate_verify_peers(),
 * and once set must remain valid for the lifetime of the session. More precisely
diff --git a/lib/errors.c b/lib/errors.c
index 219deb179a..41b0610f1c 100644
--- a/lib/errors.c
+++ b/lib/errors.c
@@ -154,6 +154,8 @@ static const gnutls_error_entry error_entries[] = {
 GNUTLS_E_RECORD_LIMIT_REACHED),
 ERROR_ENTRY(N_("Error in the certificate."),
 GNUTLS_E_CERTIFICATE_ERROR),
+ ERROR_ENTRY(N_("Error in the certificate verification."),
+ GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR),
 ERROR_ENTRY(N_("Could not authenticate peer."),
 GNUTLS_E_AUTH_ERROR),
 ERROR_ENTRY(N_
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index ab7bfe560f..8971bdd2f3 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -2611,6 +2611,7 @@ int gnutls_fips140_mode_enabled(void);
 #define GNUTLS_E_SOCKETS_INIT_ERROR -345
 #define GNUTLS_E_KEY_IMPORT_FAILED -346
 #define GNUTLS_E_INAPPROPRIATE_FALLBACK -347 /*GNUTLS_A_INAPPROPRIATE_FALLBACK*/
+#define GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR -348
 #define GNUTLS_E_SELF_TEST_ERROR -400
 #define GNUTLS_E_NO_SELF_TEST -401 |
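Review bot: The new `GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR` define in lib/includes/gnutls/gnutls.h.in has no trailing alert annotation, while the line directly above it records its alert as `/*GNUTLS_A_INAPPROPRIATE_FALLBACK*/`. The lib/alert.c hunk of this commit maps the new code to `GNUTLS_A_BAD_CERTIFICATE`, so for consistency I would write `#define GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR -348 /* GNUTLS_A_BAD_CERTIFICATE */`. Only one annotated neighbour is visible in the hunk, so whether the header annotates every mapped code should be checked against the rest of the file.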