summaryrefslogtreecommitdiff
path: root/content/fetchers
diff options
context:
space:
mode:
Diffstat (limited to 'content/fetchers')
-rw-r--r--content/fetchers/curl.c19
1 files changed, 16 insertions, 3 deletions
diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c
index 345f16ce1..db41b32cb 100644
--- a/content/fetchers/curl.c
+++ b/content/fetchers/curl.c
@@ -1180,9 +1180,22 @@ static void fetch_curl_done(CURL *curl_handle, CURLcode result)
*/
;
} else if (result == CURLE_SSL_PEER_CERTIFICATE ||
- result == CURLE_SSL_CACERT) {
- /* CURLE_SSL_PEER_CERTIFICATE renamed to
- * CURLE_PEER_FAILED_VERIFICATION
+ result == CURLE_SSL_CACERT) {
+ /*
+ * curl in 7.63.0 (https://github.com/curl/curl/pull/3291)
+ * unified *all* SSL errors into the single
+ * CURLE_PEER_FAILED_VERIFICATION depricating
+ * CURLE_SSL_PEER_CERTIFICATE and CURLE_SSL_CACERT
+ *
+ * This change complete removed the ability to
+ * distinguish between certificate errors, host
+ * verification errors or any other failure reason
+ * using the curl result code.
+ *
+ * The result is when certificate error message is
+ * sent there is currently no way of informing the
+ * llcache about host verification faliures as the
+ * certificate chain has no error codes set.
*/
cert = true;
} else {
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-19 01:19:15 +0000