mirror of
https://github.com/netsurf-browser/netsurf
synced 2024-12-22 12:12:35 +03:00
add common name ssl certificate error
This adds an ssl faliure code and explanation why curl fetcher does not currently set it.
This commit is contained in:
parent
c6a2c76867
commit
98f4525073
@ -1180,9 +1180,22 @@ static void fetch_curl_done(CURL *curl_handle, CURLcode result)
|
|||||||
*/
|
*/
|
||||||
;
|
;
|
||||||
} else if (result == CURLE_SSL_PEER_CERTIFICATE ||
|
} else if (result == CURLE_SSL_PEER_CERTIFICATE ||
|
||||||
result == CURLE_SSL_CACERT) {
|
result == CURLE_SSL_CACERT) {
|
||||||
/* CURLE_SSL_PEER_CERTIFICATE renamed to
|
/*
|
||||||
* CURLE_PEER_FAILED_VERIFICATION
|
* curl in 7.63.0 (https://github.com/curl/curl/pull/3291)
|
||||||
|
* unified *all* SSL errors into the single
|
||||||
|
* CURLE_PEER_FAILED_VERIFICATION depricating
|
||||||
|
* CURLE_SSL_PEER_CERTIFICATE and CURLE_SSL_CACERT
|
||||||
|
*
|
||||||
|
* This change complete removed the ability to
|
||||||
|
* distinguish between certificate errors, host
|
||||||
|
* verification errors or any other failure reason
|
||||||
|
* using the curl result code.
|
||||||
|
*
|
||||||
|
* The result is when certificate error message is
|
||||||
|
* sent there is currently no way of informing the
|
||||||
|
* llcache about host verification faliures as the
|
||||||
|
* certificate chain has no error codes set.
|
||||||
*/
|
*/
|
||||||
cert = true;
|
cert = true;
|
||||||
} else {
|
} else {
|
||||||
|
@ -38,6 +38,7 @@ typedef enum {
|
|||||||
SSL_CERT_ERR_SELF_SIGNED, /**< This certificate (or the chain) is self signed */
|
SSL_CERT_ERR_SELF_SIGNED, /**< This certificate (or the chain) is self signed */
|
||||||
SSL_CERT_ERR_CHAIN_SELF_SIGNED, /**< This certificate chain is self signed */
|
SSL_CERT_ERR_CHAIN_SELF_SIGNED, /**< This certificate chain is self signed */
|
||||||
SSL_CERT_ERR_REVOKED, /**< This certificate has been revoked */
|
SSL_CERT_ERR_REVOKED, /**< This certificate has been revoked */
|
||||||
|
SSL_CERT_ERR_COMMON_NAME, /**< This certificate host did not match teh server */
|
||||||
} ssl_cert_err;
|
} ssl_cert_err;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -382,6 +382,11 @@ const char *messages_get_sslcode(ssl_cert_err code)
|
|||||||
case SSL_CERT_ERR_REVOKED:
|
case SSL_CERT_ERR_REVOKED:
|
||||||
/* This certificate has been revoked */
|
/* This certificate has been revoked */
|
||||||
return messages_get_ctx("SSLCertErrRevoked", messages_hash);
|
return messages_get_ctx("SSLCertErrRevoked", messages_hash);
|
||||||
|
|
||||||
|
case SSL_CERT_ERR_COMMON_NAME:
|
||||||
|
/* Common name is invalid */
|
||||||
|
return messages_get_ctx("SSLCertErrCommonName", messages_hash);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* The switch has no default, so the compiler should tell us when we
|
/* The switch has no default, so the compiler should tell us when we
|
||||||
|
Loading…
Reference in New Issue
Block a user