[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnurl] 191/411: schannel: return CURLE_PEER_FAILED_VERIFICATION for unt
|
From: |
gnunet |
|
Subject: |
[gnurl] 191/411: schannel: return CURLE_PEER_FAILED_VERIFICATION for untrusted root |
|
Date: |
Wed, 13 Jan 2021 01:20:06 +0100 |
This is an automated email from the git hooks/post-receive script.
nikita pushed a commit to branch master
in repository gnurl.
commit abeeffb11c996aed90ea465fa2128bfa564a1542
Author: Daniel Stenberg <daniel@haxx.se>
AuthorDate: Mon Sep 28 08:30:25 2020 +0200
schannel: return CURLE_PEER_FAILED_VERIFICATION for untrusted root
This matches what is returned in other TLS backends in the same
situation.
Reviewed-by: Jay Satiro
Reviewed-by: Emil Engler
Follow-up to 5a3efb1
Reported-by: iammrtau on github
Fixes #6003
Closes #6018
---
lib/vtls/schannel.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index 1fe9b7b8d..c7e4e793c 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -1181,6 +1181,10 @@ schannel_connect_step2(struct connectdata *conn, int
sockindex)
failf(data, "schannel: SNI or certificate check failed: %s",
Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer)));
return CURLE_PEER_FAILED_VERIFICATION;
+ case SEC_E_UNTRUSTED_ROOT:
+ failf(data, "schannel: %s",
+ Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer)));
+ return CURLE_PEER_FAILED_VERIFICATION;
/*
case SEC_E_INVALID_HANDLE:
case SEC_E_INVALID_TOKEN:
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [gnurl] 234/411: tests/server/util.c: fix support for Windows Unicode builds, (continued)
- [gnurl] 234/411: tests/server/util.c: fix support for Windows Unicode builds, gnunet, 2021/01/12
- [gnurl] 235/411: CI/tests: fix invocation of tests for CMake builds, gnunet, 2021/01/12
- [gnurl] 227/411: checksrc: detect // comments on column 0, gnunet, 2021/01/12
- [gnurl] 199/411: sectransp: make it build with --disable-proxy, gnunet, 2021/01/12
- [gnurl] 246/411: runtests: return error if no tests ran, gnunet, 2021/01/12
- [gnurl] 228/411: runtests.pl: use $LIBDIR variable instead of hardcoded path, gnunet, 2021/01/12
- [gnurl] 211/411: strerror: fix null deref on winapi out-of-memory, gnunet, 2021/01/12
- [gnurl] 237/411: mailmap: fixups of some contributors, gnunet, 2021/01/12
- [gnurl] 204/411: examples/README: convert to markdown, gnunet, 2021/01/12
- [gnurl] 252/411: http3: fix two build errors, silence warnings, gnunet, 2021/01/12
- [gnurl] 191/411: schannel: return CURLE_PEER_FAILED_VERIFICATION for untrusted root,
gnunet <=
- [gnurl] 264/411: CMake: call the feature unixsockets without dash, gnunet, 2021/01/12
- [gnurl] 207/411: tests/unit/README: convert to markdown, gnunet, 2021/01/12
- [gnurl] 261/411: RELEASE-NOTES: synced, gnunet, 2021/01/12
- [gnurl] 215/411: test1465: verify --libcurl with binary POST data, gnunet, 2021/01/12
- [gnurl] 192/411: ROADMAP: updates and cleanups, gnunet, 2021/01/12
- [gnurl] 242/411: RELEASE-NOTES: synced, gnunet, 2021/01/12
- [gnurl] 262/411: runtests: revert the mistaken edit of $CURL, gnunet, 2021/01/12
- [gnurl] 195/411: libssh2: handle the SSH protocols done over HTTPS proxy, gnunet, 2021/01/12
- [gnurl] 230/411: src/Makefile.m32: fix undefined curlx_dyn_* errors, gnunet, 2021/01/12
- [gnurl] 263/411: CI/travis: add brotli and zstd to the libssh2 build, gnunet, 2021/01/12