netops: return GIT_ECERTIFICATE when it fails the basic testscmn/invalid-cert-return

When we first ask OpenSSL to verify the certfiicate itself (rather than the HTTPS specifics), we should also return GIT_ECERTIFICATE. Otherwise, the caller would consider this as a failed operation rather than a failed validation and not call the user's own validation.
author: Carlos Martín Nieto <cmn@dwim.me> 2014-11-02 16:12:10 +0100
committer: Carlos Martín Nieto <cmn@dwim.me> 2014-11-02 16:12:10 +0100
commit: 22fbb2656e3daf06c290d63d99b70c78f2f6d15d (patch)
tree: efbf6fc724d0f5bb6c347aebc4ae65a9d235cedc
parent: 264d74fd4088585fa9fb6ffd6d9afe280c0048bb (diff)
download: libgit2-cmn/invalid-cert-return.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/netops.c b/src/netops.c
index adbae61c4..23e7e9d3c 100644
--- a/src/netops.c
+++ b/src/netops.c
@@ -276,7 +276,7 @@ static int verify_server_cert(gitno_ssl *ssl, const char *host)
 
 	if (SSL_get_verify_result(ssl->ssl) != X509_V_OK) {
 		giterr_set(GITERR_SSL, "The SSL certificate is invalid");
-		return -1;
+		return GIT_ECERTIFICATE;
 	}
 
 	/* Try to parse the host as an IP address to see if it is */
author	Carlos Martín Nieto <cmn@dwim.me>	2014-11-02 16:12:10 +0100
committer	Carlos Martín Nieto <cmn@dwim.me>	2014-11-02 16:12:10 +0100
commit	22fbb2656e3daf06c290d63d99b70c78f2f6d15d (patch)
tree	efbf6fc724d0f5bb6c347aebc4ae65a9d235cedc
parent	264d74fd4088585fa9fb6ffd6d9afe280c0048bb (diff)
download	libgit2-cmn/invalid-cert-return.tar.gz