On Sun, 4 May 2014, 志平林 wrote:

I mean the errorInfo is always 0. After debugging, I found: SSL connection failed in ossl_connect_step2(), and ossl_connect_common returned, so data->set.ssl.certverifyresult will not be set. After adding data->set.ssl.certverifyresult=SSL_get_verify_result(connssl->handle) in ossl_connect_step2(), I can get the right errorInfo.

Are you talking about a fix like the following?

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 5a66566..9713afb 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1498,10 +1498,12 @@ ossl_connect_step1(struct connectdata *conn,
   DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);

   /* Make funny stuff to get random input */
   Curl_ossl_seed(data);

+  data->set.ssl.certverifyresult = !X509_V_OK;
+
   /* check to see if we've been told to use an explicit SSL/TLS version */

   switch(data->set.ssl.version) {
   default:
   case CURL_SSLVERSION_DEFAULT:
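
Review bot: the added `data->set.ssl.certverifyresult = !X509_V_OK;` stores a bare 1 (X509_V_OK is 0) with no comment explaining that it is a "not verified yet, assume failure" placeholder rather than a real verify code. Please add a one-line comment saying so. As far as this patch shows, a handshake that fails in ossl_connect_step2() would leave the field at this placeholder instead of the value of SSL_get_verify_result(connssl->handle), so the caller would see a non-zero result but still not the specific verification error the report asks for; storing the SSL_get_verify_result() value on that failure path as well would cover it.
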
@@ -2360,12 +2362,10 @@ static CURLcode servercert(struct connectdata *conn,

   if(data->set.ssl.certinfo)
     /* we've been asked to gather certificate info! */
     (void)get_cert_chain(conn, connssl);

-  data->set.ssl.certverifyresult = !X509_V_OK;
-
   connssl->server_cert = SSL_get_peer_certificate(connssl->handle);
   if(!connssl->server_cert) {
     if(strict)
       failf(data, "SSL: couldn't get peer certificate!");
     return CURLE_PEER_FAILED_VERIFICATION;
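
Review bot: with the assignment removed, the `if(!connssl->server_cert)` early return hands back CURLE_PEER_FAILED_VERIFICATION without servercert() writing certverifyresult itself, so the value a caller reads now depends on ossl_connect_step1() having run first for the same `data`. Since the field lives under `data->set` rather than on the connection, that ordering assumption deserves a comment at this spot, or the cheap assignment could simply stay here in addition to the new one in step1.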


--

 / daniel.haxx.se