netops: provide more specific error for cert failure Specify what we do not like about the certificate. In this case, we do not like the name.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39
diff --git a/src/netops.c b/src/netops.c
index 23f482b..1e18321 100644
--- a/src/netops.c
+++ b/src/netops.c
@@ -321,7 +321,7 @@ static int verify_server_cert(gitno_ssl *ssl, const char *host)
GENERAL_NAMES_free(alts);
if (matched == 0)
- goto cert_fail;
+ goto cert_fail_name;
if (matched == 1)
return 0;
@@ -358,11 +358,11 @@ static int verify_server_cert(gitno_ssl *ssl, const char *host)
int size = ASN1_STRING_to_UTF8(&peer_cn, str);
GITERR_CHECK_ALLOC(peer_cn);
if (memchr(peer_cn, '\0', size))
- goto cert_fail;
+ goto cert_fail_name;
}
if (check_host_name((char *)peer_cn, host) < 0)
- goto cert_fail;
+ goto cert_fail_name;
OPENSSL_free(peer_cn);
@@ -372,9 +372,9 @@ on_error:
OPENSSL_free(peer_cn);
return ssl_set_error(ssl, 0);
-cert_fail:
+cert_fail_name:
OPENSSL_free(peer_cn);
- giterr_set(GITERR_SSL, "Certificate host name check failed");
+ giterr_set(GITERR_SSL, "hostname does not match certificate");
return -1;
}