Fix reporting authentication failure

2020-03-02 15:51:46 +00:00 · 2020-03-02 15:51:46 +00:00 · af46e20721
parent e17ed3938c
commit af46e20721
2 changed files with 6 additions and 3 deletions
--- a/src/gnutls/tls.c
+++ b/src/gnutls/tls.c
@ -712,8 +712,11 @@ failsafe:
 		GETDNS_FREE(*conn->mfs, new_cert_list);
 	}

-	if (ret != DANE_E_SUCCESS)
+	if (ret != DANE_E_SUCCESS) {
+		*errnum = ret;
+		*errmsg = dane_strerror(ret);
 		return GETDNS_RETURN_GENERIC_ERROR;
+	}

 	if (verify != 0) {
 		if (verify & DANE_VERIFY_CERT_DIFFERS) {
--- a/src/stub.c
+++ b/src/stub.c
@ -1035,8 +1035,8 @@ tls_do_handshake(getdns_upstream *upstream)
 			    : "*Failure*" ));
 			upstream->tls_auth_state = GETDNS_AUTH_FAILED;
 		} else {
-			long verify_errno;
-			const char* verify_errmsg;
+			long verify_errno = 0;
+			const char* verify_errmsg = "Unknown verify error (fix reporting!)";

 			if (_getdns_tls_connection_certificate_verify(upstream->tls_obj, &verify_errno, &verify_errmsg)) {
 				upstream->tls_auth_state = GETDNS_AUTH_FAILED;