curl / Mailing Lists / curl-library / Single Mail


Suggestion for an error return code change

From: - <>
Date: Fri, 1 Sep 2017 21:12:18 +0100

I'm working with libcurl 7.55.1 under Windows, using Windows SSPI and
Schannel, not OpenSSL.


In lib\vtls\schannel.c, line 635, the error handling is:


      return sspi_status == SEC_E_UNTRUSTED_ROOT ?



I think that CURLE_SSL_CACERT_BADFILE should be CURLE_SSL_CACERT instead,
since at this point there's no attempt to read a file set via the
CURLOPT_CAPATH option, and you get an error code that refers to the
certificate bundle when you haven't given Curl a certificate bundle. The
docs for CURLOPT_CAPATH say it doesn't work in Windows, and this code path
is (I think) Windows-specific, so I can't see how a certificate bundle would
ever be used in this scenario.


Because the real problem here is that the root is not trusted, the error
code of CURLE_SSL_CACERT seems to make more sense.

Received on 2017-09-01