summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--http.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/http.c b/http.c
index 0e31fc21bc..70b0f15aef 100644
--- a/http.c
+++ b/http.c
@@ -1635,9 +1635,18 @@ static int handle_curl_result(struct slot_results *results)
if (results->curl_result == CURLE_OK) {
credential_approve(&http_auth);
- if (proxy_auth.password)
- credential_approve(&proxy_auth);
+ credential_approve(&proxy_auth);
+ credential_approve(&cert_auth);
return HTTP_OK;
+ } else if (results->curl_result == CURLE_SSL_CERTPROBLEM) {
+ /*
+ * We can't tell from here whether it's a bad path, bad
+ * certificate, bad password, or something else wrong
+ * with the certificate. So we reject the credential to
+ * avoid caching or saving a bad password.
+ */
+ credential_reject(&cert_auth);
+ return HTTP_NOAUTH;
} else if (missing_target(results))
return HTTP_MISSING_TARGET;
else if (results->http_code == 401) {