Fix reporting authentication failure

getdnsapi · Mar 2, 2020 · af46e20 · af46e20
1 parent e17ed39
commit af46e20
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/src/gnutls/tls.c b/src/gnutls/tls.c
@@ -712,8 +712,11 @@ getdns_return_t _getdns_tls_connection_certificate_verify(_getdns_tls_connection
 		GETDNS_FREE(*conn->mfs, new_cert_list);
 	}
 
-	if (ret != DANE_E_SUCCESS)
+	if (ret != DANE_E_SUCCESS) {
+		*errnum = ret;
+		*errmsg = dane_strerror(ret);
 		return GETDNS_RETURN_GENERIC_ERROR;
+	}
 
 	if (verify != 0) {
 		if (verify & DANE_VERIFY_CERT_DIFFERS) {

diff --git a/src/stub.c b/src/stub.c
@@ -1035,8 +1035,8 @@ tls_do_handshake(getdns_upstream *upstream)
 			    : "*Failure*" ));
 			upstream->tls_auth_state = GETDNS_AUTH_FAILED;
 		} else {
-			long verify_errno;
-			const char* verify_errmsg;
+			long verify_errno = 0;
+			const char* verify_errmsg = "Unknown verify error (fix reporting!)";
 
 			if (_getdns_tls_connection_certificate_verify(upstream->tls_obj, &verify_errno, &verify_errmsg)) {
 				upstream->tls_auth_state = GETDNS_AUTH_FAILED;