ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code

Long live CURLE_PEER_FAILED_VERIFICATION
2025-01-24 14:15:18 +08:00 · 2018-08-22 11:13:32 -07:00 · 2018-08-22 11:13:32 -07:00 · 3f3b26d6fe
commit 3f3b26d6fe
parent 0029aabc56
10 changed files with 17 additions and 18 deletions
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@ -113,7 +113,7 @@ CURLE_SEND_ERROR                7.10
 CURLE_SEND_FAIL_REWIND          7.12.3
 CURLE_SHARE_IN_USE              7.9.6         7.17.0
 CURLE_SSH                       7.16.1
-CURLE_SSL_CACERT                7.10
+CURLE_SSL_CACERT                7.10          7.62.0
 CURLE_SSL_CACERT_BADFILE        7.16.0
 CURLE_SSL_CERTPROBLEM           7.10
 CURLE_SSL_CIPHER                7.10
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@ -517,8 +517,7 @@ typedef enum {
  CURLE_UNKNOWN_OPTION,          /* 48 - User specified an unknown option */
  CURLE_TELNET_OPTION_SYNTAX,    /* 49 - Malformed telnet option */
  CURLE_OBSOLETE50,              /* 50 - NOT USED */
-  CURLE_PEER_FAILED_VERIFICATION, /* 51 - peer's certificate or fingerprint
-                                     wasn't verified fine */
+  CURLE_OBSOLETE51,              /* 51 - NOT USED */
  CURLE_GOT_NOTHING,             /* 52 - when this is a specific error */
  CURLE_SSL_ENGINE_NOTFOUND,     /* 53 - SSL crypto engine not found */
  CURLE_SSL_ENGINE_SETFAILED,    /* 54 - can not set SSL crypto engine as
@ -528,7 +527,8 @@ typedef enum {
  CURLE_OBSOLETE57,              /* 57 - NOT IN USE */
  CURLE_SSL_CERTPROBLEM,         /* 58 - problem with the local certificate */
  CURLE_SSL_CIPHER,              /* 59 - couldn't use specified cipher */
-  CURLE_SSL_CACERT,              /* 60 - problem with the CA cert (path?) */
+  CURLE_PEER_FAILED_VERIFICATION, /* 60 - peer's certificate or fingerprint
+                                     wasn't verified fine */
  CURLE_BAD_CONTENT_ENCODING,    /* 61 - Unrecognized/bad encoding */
  CURLE_LDAP_INVALID_URL,        /* 62 - Invalid LDAP URL */
  CURLE_FILESIZE_EXCEEDED,       /* 63 - Maximum file size exceeded */
@ -584,6 +584,9 @@ typedef enum {
  CURL_LAST /* never use! */
 } CURLcode;

+/* added in 7.62.0 */
+#define CURLE_SSL_CACERT CURLE_PEER_FAILED_VERIFICATION
+
 #ifndef CURL_NO_OLDIES /* define this to test if your app builds with all
                          the obsolete stuff removed! */

--- a/lib/strerror.c
+++ b/lib/strerror.c
@ -191,9 +191,6 @@ curl_easy_strerror(CURLcode error)
  case CURLE_TELNET_OPTION_SYNTAX :
    return "Malformed telnet option";

-  case CURLE_PEER_FAILED_VERIFICATION:
-    return "SSL peer certificate or SSH remote key was not OK";
-
  case CURLE_GOT_NOTHING:
    return "Server returned nothing (no headers, no data)";

@ -218,9 +215,8 @@ curl_easy_strerror(CURLcode error)
  case CURLE_SSL_CIPHER:
    return "Couldn't use specified SSL cipher";

-  case CURLE_SSL_CACERT:
-    return "Peer certificate cannot be authenticated with given CA "
-      "certificates";
+  case CURLE_PEER_FAILED_VERIFICATION:
+    return "SSL peer certificate or SSH remote key was not OK";

  case CURLE_SSL_CACERT_BADFILE:
    return "Problem with the SSL CA cert (path? access rights?)";
@ -324,6 +320,7 @@ curl_easy_strerror(CURLcode error)
  case CURLE_OBSOLETE44:
  case CURLE_OBSOLETE46:
  case CURLE_OBSOLETE50:
+  case CURLE_OBSOLETE51:
  case CURLE_OBSOLETE57:
  case CURL_LAST:
    break;
--- a/lib/vtls/darwinssl.c
+++ b/lib/vtls/darwinssl.c
@ -2099,7 +2099,7 @@ static int append_cert_to_array(struct Curl_easy *data,
    switch(result) {
      case CURLE_OK:
        break;
-      case CURLE_SSL_CACERT:
+      case CURLE_PEER_FAILED_VERIFICATION:
        return CURLE_SSL_CACERT_BADFILE;
      case CURLE_OUT_OF_MEMORY:
      default:
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@ -1522,7 +1522,6 @@ static bool is_nss_error(CURLcode err)
 {
  switch(err) {
  case CURLE_PEER_FAILED_VERIFICATION:
-  case CURLE_SSL_CACERT:
  case CURLE_SSL_CERTPROBLEM:
  case CURLE_SSL_CONNECT_ERROR:
  case CURLE_SSL_ISSUER_ERROR:
--- a/tests/data/test1538
+++ b/tests/data/test1538
@ -83,7 +83,7 @@ e47: Number of redirects hit maximum amount
 e48: An unknown option was passed in to libcurl
 e49: Malformed telnet option
 e50: Unknown error
-e51: SSL peer certificate or SSH remote key was not OK
+e51: Unknown error
 e52: Server returned nothing (no headers, no data)
 e53: SSL crypto engine not found
 e54: Can not set SSL crypto engine as default
@ -92,7 +92,7 @@ e56: Failure when receiving data from the peer
 e57: Unknown error
 e58: Problem with the local SSL certificate
 e59: Couldn't use specified SSL cipher
-e60: Peer certificate cannot be authenticated with given CA certificates
+e60: SSL peer certificate or SSH remote key was not OK
 e61: Unrecognized or bad HTTP Content or Transfer-Encoding
 e62: Invalid LDAP URL
 e63: Maximum file size exceeded
--- a/tests/data/test311
+++ b/tests/data/test311
@ -37,7 +37,7 @@ perl -e "print 'Test requires default test server host' if ( '%HOSTIP' ne '127.0
 # Verify data after the test has been "shot"
 <verify>
 <errorcode>
-51
+60
 </errorcode>
 </verify>
 </testcase>
--- a/tests/data/test312
+++ b/tests/data/test312
@ -37,7 +37,7 @@ perl -e "print 'Test requires default test server host' if ( '%HOSTIP' ne '127.0
 # Verify data after the test has been "shot"
 <verify>
 <errorcode>
-51
+60
 </errorcode>
 </verify>
 </testcase>
--- a/tests/data/test630
+++ b/tests/data/test630
@ -25,7 +25,7 @@ SFTP incorrect host key
 # Verify data after the test has been "shot"
 <verify>
 <errorcode>
-51
+60
 </errorcode>
 <valgrind>
 disable
--- a/tests/data/test631
+++ b/tests/data/test631
@ -25,7 +25,7 @@ SCP incorrect host key
 # Verify data after the test has been "shot"
 <verify>
 <errorcode>
-51
+60
 </errorcode>
 <valgrind>
 disable