openssl: fix CURLINFO_SSL_VERIFYRESULT

CURLINFO_SSL_VERIFYRESULT does not get the certificate verification result when SSL_connect fails because of a certificate verification error. This fix saves the result of SSL_get_verify_result so that it is returned by CURLINFO_SSL_VERIFYRESULT. Closes #995
curl · Sep 6, 2016 · 8e176a7 · 8e176a7
1 parent 022dbdb
commit 8e176a7
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
@@ -2188,6 +2188,7 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex)
 
         lerr = SSL_get_verify_result(connssl->handle);
         if(lerr != X509_V_OK) {
+          data->set.ssl.certverifyresult = lerr;
           snprintf(error_buffer, sizeof(error_buffer),
                    "SSL certificate problem: %s",
                    X509_verify_cert_error_string(lerr));