netops: return GIT_ECERTIFICATE when it fails the basic tests

carlosmn · carlosmn · commit 22fbb2656e3d · 2014-11-02T16:12:10.000+01:00
When we first ask OpenSSL to verify the certfiicate itself (rather
than the HTTPS specifics), we should also return
GIT_ECERTIFICATE. Otherwise, the caller would consider this as a failed
operation rather than a failed validation and not call the user's own
validation.
diff --git a/src/netops.c b/src/netops.c
@@ -276,7 +276,7 @@ static int verify_server_cert(gitno_ssl *ssl, const char *host)
 
 	if (SSL_get_verify_result(ssl->ssl) != X509_V_OK) {
 		giterr_set(GITERR_SSL, "The SSL certificate is invalid");
-		return -1;
+		return GIT_ECERTIFICATE;
 	}
 
 	/* Try to parse the host as an IP address to see if it is */

Original file line number	Diff line number	Diff line change
`@@ -276,7 +276,7 @@ static int verify_server_cert(gitno_ssl ssl, const char host)`
`276`	`276`
`277`	`277`	`if (SSL_get_verify_result(ssl->ssl) != X509_V_OK) {`
`278`	`278`	`giterr_set(GITERR_SSL, "The SSL certificate is invalid");`
`279`		`- return -1;`
	`279`	`+ return GIT_ECERTIFICATE;`
`280`	`280`	`}`
`281`	`281`
`282`	`282`	`/* Try to parse the host as an IP address to see if it is */`