netops: provide more specific error for cert failure

Specify what we do not like about the certificate. In this case, we do not like the name.
author: Carlos Martín Nieto <cmn@dwim.me> 2014-04-26 14:16:42 +0200
committer: Carlos Martín Nieto <cmn@dwim.me> 2014-04-26 17:27:43 +0200
commit: 51d3f6f5f2f9dc6c9f9dd64d3ccbd0afdcf6fb6e (patch)
tree: dc7c8724c818a1e087eeadb02df3bd9eb64cf638 /src/netops.c
parent: 1f0d4f3d8dd5c87d3f42a913a1af9d6f1f2da437 (diff)
download: libgit2-51d3f6f5f2f9dc6c9f9dd64d3ccbd0afdcf6fb6e.tar.gz
1 files changed, 5 insertions, 5 deletions
diff --git a/src/netops.c b/src/netops.c
index 23f482b12..1e1832112 100644
--- a/src/netops.c
+++ b/src/netops.c
@@ -321,7 +321,7 @@ static int verify_server_cert(gitno_ssl *ssl, const char *host)
 	GENERAL_NAMES_free(alts);
 
 	if (matched == 0)
-		goto cert_fail;
+		goto cert_fail_name;
 
 	if (matched == 1)
 		return 0;
@@ -358,11 +358,11 @@ static int verify_server_cert(gitno_ssl *ssl, const char *host)
 		int size = ASN1_STRING_to_UTF8(&peer_cn, str);
 		GITERR_CHECK_ALLOC(peer_cn);
 		if (memchr(peer_cn, '\0', size))
-			goto cert_fail;
+			goto cert_fail_name;
 	}
 
 	if (check_host_name((char *)peer_cn, host) < 0)
-		goto cert_fail;
+		goto cert_fail_name;
 
 	OPENSSL_free(peer_cn);
 
@@ -372,9 +372,9 @@ on_error:
 	OPENSSL_free(peer_cn);
 	return ssl_set_error(ssl, 0);
 
-cert_fail:
+cert_fail_name:
 	OPENSSL_free(peer_cn);
-	giterr_set(GITERR_SSL, "Certificate host name check failed");
+	giterr_set(GITERR_SSL, "hostname does not match certificate");
 	return -1;
 }
author	Carlos Martín Nieto <cmn@dwim.me>	2014-04-26 14:16:42 +0200
committer	Carlos Martín Nieto <cmn@dwim.me>	2014-04-26 17:27:43 +0200
commit	51d3f6f5f2f9dc6c9f9dd64d3ccbd0afdcf6fb6e (patch)
tree	dc7c8724c818a1e087eeadb02df3bd9eb64cf638 /src/netops.c
parent	1f0d4f3d8dd5c87d3f42a913a1af9d6f1f2da437 (diff)
download	libgit2-51d3f6f5f2f9dc6c9f9dd64d3ccbd0afdcf6fb6e.tar.gz