From 98f45250734fc7a2826753a143d7c37fc522f604 Mon Sep 17 00:00:00 2001
From: Vincent Sanders
Date: Sat, 10 Aug 2019 12:50:23 +0100
Subject: add common name ssl certificate error
This adds an ssl faliure code and explanation why curl fetcher does not currently set it.
---
 content/fetchers/curl.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
(limited to 'content')
diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c
index 345f16ce1..db41b32cb 100644
--- a/content/fetchers/curl.c
+++ b/content/fetchers/curl.c
@@ -1180,9 +1180,22 @@ static void fetch_curl_done(CURL *curl_handle, CURLcode result)
 */
 ;
 } else if (result == CURLE_SSL_PEER_CERTIFICATE ||
- result == CURLE_SSL_CACERT) {
- /* CURLE_SSL_PEER_CERTIFICATE renamed to
- * CURLE_PEER_FAILED_VERIFICATION
+ result == CURLE_SSL_CACERT) {
+ /*
+ * curl in 7.63.0 (https://github.com/curl/curl/pull/3291)
+ * unified *all* SSL errors into the single
+ * CURLE_PEER_FAILED_VERIFICATION depricating
+ * CURLE_SSL_PEER_CERTIFICATE and CURLE_SSL_CACERT
+ *
+ * This change complete removed the ability to
+ * distinguish between certificate errors, host
+ * verification errors or any other failure reason
+ * using the curl result code.
+ *
+ * The result is when certificate error message is
+ * sent there is currently no way of informing the
+ * llcache about host verification faliures as the
+ * certificate chain has no error codes set.
 */
 cert = true;
 } else {
--
cgit v1.2.3
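Review bot: The condition `result == CURLE_SSL_PEER_CERTIFICATE || result == CURLE_SSL_CACERT` still tests only the deprecated names that the new comment describes. In current curl headers both are compatibility aliases for `CURLE_PEER_FAILED_VERIFICATION`, so the two comparisons are the same test and the code stops compiling when built with `CURL_NO_OLDIES`. The comment also says a host verification failure now reaches `cert = true` with a chain that carries no error codes, so whatever consumes `cert` (outside this hunk, not visible here) should treat an error-free chain as a host name mismatch rather than present it as a clean certificate the user can accept. I would add a line to the comment such as `* NOTE: a chain with no per-certificate error must be handled as a host name mismatch, never as valid.` and correct the spellings "depricating", "complete removed" and "faliures". fetch_curl_done starts and ends outside the hunk.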