curl-library
Re:Re: Hi, Why CURLINFO_SSL_VERIFYRESULT always return 0.
Date: Sun, 4 May 2014 23:53:15 +0200 (CEST)
On Sun, 4 May 2014, 志平林 wrote:
> I mean the errorInfo is always 0. After debugging, I found: the SSL connection
> failed in ossl_connect_step2(), and ossl_connect_common returned, so
> data->set.ssl.certverifyresult will not be set. After adding
> data->set.ssl.certverifyresult=SSL_get_verify_result(connssl->handle) in
> ossl_connect_step2(), I can get the right errorInfo.
Are you talking about a fix like the following?
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 5a66566..9713afb 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1498,10 +1498,12 @@ ossl_connect_step1(struct connectdata *conn,
DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
/* Make funny stuff to get random input */
Curl_ossl_seed(data);
+ data->set.ssl.certverifyresult = !X509_V_OK;
+
/* check to see if we've been told to use an explicit SSL/TLS version */
switch(data->set.ssl.version) {
default:
case CURL_SSLVERSION_DEFAULT:
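Review bot: The value stored by the added line in ossl_connect_step1() is not a specific verify error. X509_V_OK is 0, so `!X509_V_OK` evaluates to 1, which only tells a CURLINFO_SSL_VERIFYRESULT caller that the result was not OK. The report quoted above asks for the value of SSL_get_verify_result(connssl->handle) when the handshake fails in ossl_connect_step2(). Consider keeping this initialization as the default and also storing SSL_get_verify_result() in the step2 failure path, so the caller gets the actual X509_V_ERR_* code. A one-line comment above the assignment saying it is the pessimistic default until verification completes would also help.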
@@ -2360,12 +2362,10 @@ static CURLcode servercert(struct connectdata *conn,
if(data->set.ssl.certinfo)
/* we've been asked to gather certificate info! */
(void)get_cert_chain(conn, connssl);
- data->set.ssl.certverifyresult = !X509_V_OK;
-
connssl->server_cert = SSL_get_peer_certificate(connssl->handle);
if(!connssl->server_cert) {
if(strict)
failf(data, "SSL: couldn't get peer certificate!");
return CURLE_PEER_FAILED_VERIFICATION;
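Review bot: With the reset removed from servercert(), the `!connssl->server_cert` early return now depends on ossl_connect_step1() having already set data->set.ssl.certverifyresult for this connection attempt, and nothing at this site says so. Note also that the field lives in `data` rather than in `connssl`, so its value is whatever was last written through that handle. Consider leaving a short comment here pointing at the initialization in ossl_connect_step1(), or keeping the assignment so that servercert() does not rely on call order for a non-OK result on its failure returns.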
-- / daniel.haxx.se
Received on 2014-05-04