summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2017-08-22 09:07:11 +0200
committerDaniel Stenberg <daniel@haxx.se>2017-08-22 09:07:11 +0200
commit84996b0151c7b558c290c78ccec938adb104faa4 (patch)
tree43a1c111463cc93105fc9bcdc44bfd07e54bb7d1
parentebf46317ee6f9174748fd587c9137270f35704e7 (diff)
downloadcurl-bagder/cacert-errormsg.tar.gz
curl: shorten and clean up CA cert verification error messagebagder/cacert-errormsg
The previuous message was just too long for ordinary people and it was encouraging users to use `--insecure` a little too easy. Based-on-work-by: Frank Denis in #1810
-rw-r--r--src/tool_operate.c28
1 files changed, 7 insertions, 21 deletions
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 202aba609..fd9a13921 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -92,21 +92,12 @@ CURLcode curl_easy_perform_ev(CURL *easy);
# define O_BINARY 0
#endif
-#define CURL_CA_CERT_ERRORMSG1 \
- "More details here: https://curl.haxx.se/docs/sslcerts.html\n\n" \
- "curl performs SSL certificate verification by default, " \
- "using a \"bundle\"\n" \
- " of Certificate Authority (CA) public keys (CA certs). If the default\n" \
- " bundle file isn't adequate, you can specify an alternate file\n" \
- " using the --cacert option.\n"
-
-#define CURL_CA_CERT_ERRORMSG2 \
- "If this HTTPS server uses a certificate signed by a CA represented in\n" \
- " the bundle, the certificate verification probably failed due to a\n" \
- " problem with the certificate (it might be expired, or the name might\n" \
- " not match the domain name in the URL).\n" \
- "If you'd like to turn off curl's verification of the certificate, use\n" \
- " the -k (or --insecure) option.\n"
+#define CURL_CA_CERT_ERRORMSG \
+ "More details here: https://curl.haxx.se/docs/sslcerts.html\n\n" \
+ "curl failed to verify the legitimacy of the server and therefore " \
+ "could not\nestablish a secure connection to it. To learn more about " \
+ "this situation and\nhow to fix it, please visit the web page mentioned " \
+ "above.\n"
static bool is_fatal_error(CURLcode code)
{
@@ -1784,12 +1775,7 @@ static CURLcode operate_do(struct GlobalConfig *global,
fprintf(global->errors, "curl: (%d) %s\n", result, (errorbuffer[0]) ?
errorbuffer : curl_easy_strerror(result));
if(result == CURLE_SSL_CACERT)
- fprintf(global->errors, "%s%s%s",
- CURL_CA_CERT_ERRORMSG1, CURL_CA_CERT_ERRORMSG2,
- ((curlinfo->features & CURL_VERSION_HTTPS_PROXY) ?
- "HTTPS-proxy has similar options --proxy-cacert "
- "and --proxy-insecure.\n" :
- ""));
+ fputs(CURL_CA_CERT_ERRORMSG, global->errors);
}
/* Fall through comment to 'quit_urls' label */