add common name ssl certificate error

This adds an ssl faliure code and explanation why curl fetcher
 does not currently set it.

content/fetchers/curl.c

@@ -1181,8 +1181,21 @@ static void fetch_curl_done(CURL *curl_handle, CURLcode result)
 		;
 	} else if (result == CURLE_SSL_PEER_CERTIFICATE ||
 		   result == CURLE_SSL_CACERT) {
-		/* CURLE_SSL_PEER_CERTIFICATE renamed to
+		/*
-		 * CURLE_PEER_FAILED_VERIFICATION
+		 * curl in 7.63.0 (https://github.com/curl/curl/pull/3291)
+		 *   unified *all* SSL errors into the single
+		 *   CURLE_PEER_FAILED_VERIFICATION depricating
+		 *   CURLE_SSL_PEER_CERTIFICATE and CURLE_SSL_CACERT
+		 *
+		 * This change complete removed the ability to
+		 *   distinguish between certificate errors, host
+		 *   verification errors or any other failure reason
+		 *   using the curl result code.
+		 *
+		 * The result is when certificate error message is
+		 *   sent there is currently no way of informing the
+		 *   llcache about host verification faliures as the
+		 *   certificate chain has no error codes set.
 		 */
 		cert = true;
 	} else {

include/netsurf/ssl_certs.h

@@ -38,6 +38,7 @@ typedef enum {
 	SSL_CERT_ERR_SELF_SIGNED, /**< This certificate (or the chain) is self signed */
 	SSL_CERT_ERR_CHAIN_SELF_SIGNED, /**< This certificate chain is self signed */
 	SSL_CERT_ERR_REVOKED,	/**< This certificate has been revoked */
+	SSL_CERT_ERR_COMMON_NAME, /**< This certificate host did not match teh server */
 } ssl_cert_err;
 
 /**

utils/messages.c

@@ -382,6 +382,11 @@ const char *messages_get_sslcode(ssl_cert_err code)
 	case SSL_CERT_ERR_REVOKED:
 		/* This certificate has been revoked */
 		return messages_get_ctx("SSLCertErrRevoked", messages_hash);
+
+	case SSL_CERT_ERR_COMMON_NAME:
+		/* Common name is invalid */
+		return messages_get_ctx("SSLCertErrCommonName", messages_hash);
+
 	}
 
 	/* The switch has no default, so the compiler should tell us when we