> > 4) Use CURLINFO_SSL_VERIFYRESULT.
> >
> > Because OpenSSL returns no validation error, the field for this verify
> > result is available in the situation. When verifyhost() fails, return
> > code is unchanged from CURLE_PEER_FAILED_VERIFICATION and put newly
> > defined error code into data->set.ssl. certverifyresult which is
> > available by curl_easy_getinfo with CURLINFO_SSL_VERIFYRESULT. This
> > doesn't break existing application.
> >
> > We are ready to send a PR for solution 4, but before sending this, we
> > want to hear the voice of community.
>
> This is the approach I personally prefer. Just make sure you document the
> specific error codes and for what situations they are used, as detailed as
> possible. This is the sort of thing that people soon might want for other SSL
> backends as well and then we need detailed explanations to know how to
> implement and use them there as well...

Got it. Thanks for the comment. I'll open a PR.

----
Basuke Suzuki
Sony PlayStation
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html