curl-library

Re: [PATCH 2/2] throw CURLE_SSL_CERTPROBLEM in case peer rejects a cert

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Sun, 21 Mar 2010 00:47:27 +0100 (CET)

On Sun, 21 Mar 2010, Kamil Dudka wrote:

>> How about something along the lines I made in the attached patch? I
>> modified the internal API for the SSL receive function to allow the SSL
>> library to properly return the exact error code or -1 for EWOULDBLOCK.
>
> Overall I like the idea, though I haven't tested the patch yet. Should we
> do something like that for the Curl_ssl_send() equivalent, to keep the API
> uniform?

Yeah, that makes perfect sense - this will improve what error codes we return
for SSL-related errors and that can only be good for users. We should also
make sure that we update all comments etc in the code. I just went over this
rather quickly to show you my idea, I didn't test this either yet.

Oh, and I noticed this also fixes a rather hideous bug in the GnuTLS version
of the function which may return a CURLcode in an error case that will be
treated as number of bytes by the parent function...!

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2010-03-21
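
The failure mode mentioned in the message above, an error status travelling through a byte-count return value, shown as an added example (not code from curl or from the patch under discussion). All names, the enum values, the `mode` switch and the out-parameter signature are assumptions made for illustration.

```c
#include <string.h>
#include <sys/types.h>

/* Hypothetical status enum standing in for a CURLcode-style type;
   names and values are constructed for this example. */
typedef enum { EX_OK = 0, EX_RECV_ERROR = 56, EX_AGAIN = 81 } ex_status;

/* Separated shape: -1 on any failure, exact status in *err. Constructed
   stand-in: mode 0 delivers 5 bytes, 1 would block, 2 fails hard. */
static ssize_t recv_split(int mode, char *buf, size_t len, ex_status *err)
{
  if(mode == 1) { *err = EX_AGAIN; return -1; }
  if(mode == 2 || len < 5) { *err = EX_RECV_ERROR; return -1; }
  memcpy(buf, "hello", 5);
  *err = EX_OK;
  return 5;
}

/* Buggy shape: on a hard failure the status enum goes out through the
   byte-count return value, so the caller sees a positive "length". */
static ssize_t recv_inband(int mode, char *buf, size_t len)
{
  ex_status st;
  ssize_t n = recv_split(mode, buf, len, &st);
  if(n < 0 && st != EX_AGAIN)
    return st;               /* 56 is indistinguishable from 56 bytes */
  return n;                  /* byte count, or -1 for would-block */
}

/* Parent-style callers: each returns how many bytes it believes it got. */
static size_t parent_inband(int mode)
{
  char buf[64];
  ssize_t n = recv_inband(mode, buf, sizeof(buf));
  return n < 0 ? 0 : (size_t)n;
}

static size_t parent_split(int mode, ex_status *err)
{
  char buf[64];
  ssize_t n = recv_split(mode, buf, sizeof(buf), err);
  return n < 0 ? 0 : (size_t)n;
}

int main(void)
{
  ex_status err;
  return (parent_inband(2) == 56 && parent_split(2, &err) == 0) ? 0 : 1;
}
```

With the in-band shape a hard failure makes the parent account for 56 bytes of a buffer that was never written, so stale memory would be processed as received data and the real error is lost. The separated shape reports zero bytes and hands the caller the exact status.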