netops: return GIT_ECERTIFICATE when it fails the basic tests

When we first ask OpenSSL to verify the certfiicate itself (rather than the HTTPS specifics), we should also return GIT_ECERTIFICATE. Otherwise, the caller would consider this as a failed operation rather than a failed validation and not call the user's own validation.

netops: return GIT_ECERTIFICATE when it fails the basic tests
When we first ask OpenSSL to verify the certfiicate itself (rather than the HTTPS specifics), we should also return GIT_ECERTIFICATE. Otherwise, the caller would consider this as a failed operation rather than a failed validation and not call the user's own validation.
22fbb265 · Carlos Martín Nieto · 264d74fd · 22fbb265
Commit 22fbb265 authored Nov 02, 2014 by Carlos Martín Nieto
Hide whitespace changes
Inline Side-by-side

Showing with 1 additions and 1 deletions

src/netops.c
+1 -1

No files found.
--- a/src/netops.c
+++ b/src/netops.c
@@ -276,7 +276,7 @@ static int verify_server_cert(gitno_ssl *ssl, const char *host)

 	if (SSL_get_verify_result(ssl->ssl) != X509_V_OK) {
 		giterr_set(GITERR_SSL, "The SSL certificate is invalid");
-		return -1;
+		return GIT_ECERTIFICATE;
 	}

 	/* Try to parse the host as an IP address to see if it is */