[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 47/256: curl: shorten and clean up CA cert verifica
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 47/256: curl: shorten and clean up CA cert verification error message |
Date: |
Fri, 06 Oct 2017 19:42:18 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit f412a5aabb4d72201e80c1d31deda809becd082a
Author: Daniel Stenberg <address@hidden>
AuthorDate: Tue Aug 22 09:07:11 2017 +0200
curl: shorten and clean up CA cert verification error message
The previous message was just too long for ordinary people and it was
encouraging users to use `--insecure` a little too easy.
Based-on-work-by: Frank Denis
Closes #1810
Closes #1817
---
src/tool_operate.c | 28 +++++++---------------------
1 file changed, 7 insertions(+), 21 deletions(-)
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 202aba609..fd9a13921 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -92,21 +92,12 @@ CURLcode curl_easy_perform_ev(CURL *easy);
# define O_BINARY 0
#endif
-#define CURL_CA_CERT_ERRORMSG1 \
- "More details here: https://curl.haxx.se/docs/sslcerts.html\n\n" \
- "curl performs SSL certificate verification by default, " \
- "using a \"bundle\"\n" \
- " of Certificate Authority (CA) public keys (CA certs). If the default\n" \
- " bundle file isn't adequate, you can specify an alternate file\n" \
- " using the --cacert option.\n"
-
-#define CURL_CA_CERT_ERRORMSG2 \
- "If this HTTPS server uses a certificate signed by a CA represented in\n" \
- " the bundle, the certificate verification probably failed due to a\n" \
- " problem with the certificate (it might be expired, or the name might\n" \
- " not match the domain name in the URL).\n" \
- "If you'd like to turn off curl's verification of the certificate, use\n" \
- " the -k (or --insecure) option.\n"
+#define CURL_CA_CERT_ERRORMSG \
+ "More details here: https://curl.haxx.se/docs/sslcerts.html\n\n" \
+ "curl failed to verify the legitimacy of the server and therefore " \
+ "could not\nestablish a secure connection to it. To learn more about " \
+ "this situation and\nhow to fix it, please visit the web page mentioned " \
+ "above.\n"
static bool is_fatal_error(CURLcode code)
{
@@ -1784,12 +1775,7 @@ static CURLcode operate_do(struct GlobalConfig *global,
fprintf(global->errors, "curl: (%d) %s\n", result, (errorbuffer[0]) ?
errorbuffer : curl_easy_strerror(result));
if(result == CURLE_SSL_CACERT)
- fprintf(global->errors, "%s%s%s",
- CURL_CA_CERT_ERRORMSG1, CURL_CA_CERT_ERRORMSG2,
- ((curlinfo->features & CURL_VERSION_HTTPS_PROXY) ?
- "HTTPS-proxy has similar options --proxy-cacert "
- "and --proxy-insecure.\n" :
- ""));
+ fputs(CURL_CA_CERT_ERRORMSG, global->errors);
}
/* Fall through comment to 'quit_urls' label */
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 06/256: RELEASE-NOTES: synced with 91c46dc44, (continued)
- [GNUnet-SVN] [gnurl] 06/256: RELEASE-NOTES: synced with 91c46dc44, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 08/256: zsh.pl: produce a working completion script again, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 07/256: curlver: toward 7.56.0?, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 17/256: configure: check for __builtin_available() availability (#1788), gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 18/256: http_proxy: fix build error for CURL_DOES_CONVERSIONS, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 11/256: curl-confopts.m4: fix --disable-threaded-resolver, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 14/256: darwinssi: fix error: variable length array used, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 21/256: curl/system.h: checksrc compliance, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 19/256: examples/ftpuploadresume: checksrc compliance, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 04/256: strtoofft: reduce integer overflow risks globally, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 47/256: curl: shorten and clean up CA cert verification error message,
gnunet <=
- [GNUnet-SVN] [gnurl] 40/256: tftp: fix memory leak on too long filename, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 50/256: config-tpf: define SIZEOF_LONG, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 23/256: CURLOPT_SSH_COMPRESSION.3: enable with 1L, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 27/256: config-win32: define SIZEOF_CURL_OFF_T, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 16/256: travis: add metalink to some osx builds, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 10/256: progress: Track total times following redirects, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 22/256: compressed-ssh.d: "Added: 7.56.0", gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 52/256: CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWD, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 15/256: coverage: Use two coveralls commands to get lib/vtls results, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 31/256: http: Don't wait on CONNECT when there is no proxy, gnunet, 2017/10/06