diff options
| author | Carlos Martín Nieto <cmn@dwim.me> | 2014-04-26 14:16:42 +0200 |
|---|---|---|
| committer | Carlos Martín Nieto <cmn@dwim.me> | 2014-04-26 17:27:43 +0200 |
| commit | 51d3f6f5f2f9dc6c9f9dd64d3ccbd0afdcf6fb6e (patch) | |
| tree | dc7c8724c818a1e087eeadb02df3bd9eb64cf638 | |
| parent | 1f0d4f3d8dd5c87d3f42a913a1af9d6f1f2da437 (diff) | |
| download | libgit2-51d3f6f5f2f9dc6c9f9dd64d3ccbd0afdcf6fb6e.tar.gz | |
netops: provide more specific error for cert failure
Specify what we do not like about the certificate. In this case, we do
not like the name.
| -rw-r--r-- | src/netops.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/netops.c b/src/netops.c index 23f482b12..1e1832112 100644 --- a/src/netops.c +++ b/src/netops.c @@ -321,7 +321,7 @@ static int verify_server_cert(gitno_ssl *ssl, const char *host) GENERAL_NAMES_free(alts); if (matched == 0) - goto cert_fail; + goto cert_fail_name; if (matched == 1) return 0; @@ -358,11 +358,11 @@ static int verify_server_cert(gitno_ssl *ssl, const char *host) int size = ASN1_STRING_to_UTF8(&peer_cn, str); GITERR_CHECK_ALLOC(peer_cn); if (memchr(peer_cn, '\0', size)) - goto cert_fail; + goto cert_fail_name; } if (check_host_name((char *)peer_cn, host) < 0) - goto cert_fail; + goto cert_fail_name; OPENSSL_free(peer_cn); @@ -372,9 +372,9 @@ on_error: OPENSSL_free(peer_cn); return ssl_set_error(ssl, 0); -cert_fail: +cert_fail_name: OPENSSL_free(peer_cn); - giterr_set(GITERR_SSL, "Certificate host name check failed"); + giterr_set(GITERR_SSL, "hostname does not match certificate"); return -1; } |