diff --git a/src/internal.c b/src/internal.c
index 515d51299..cd7fda804 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -9351,7 +9351,7 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
 if (args->dCert->altNames != NULL) {
 if (CheckAltNames(args->dCert, ssl->param->hostName) == 0 ) {
 if (ret == 0) {
- ret = VERIFY_CERT_ERROR;
+ ret = DOMAIN_NAME_MISMATCH;
 }
 }
 }
@@ -9361,7 +9361,7 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
 args->dCert->subjectCNLen,
 ssl->param->hostName) == 0) {
 if (ret == 0) {
- ret = VERIFY_CERT_ERROR;
+ ret = DOMAIN_NAME_MISMATCH;
 }
 }
 }
@@ -9373,7 +9373,7 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
 (ssl->param != NULL) && (XSTRLEN(ssl->param->ipasc) > 0)) {
 if (CheckIPAddr(args->dCert, ssl->param->ipasc) != 0) {
 if (ret == 0) {
- ret = VERIFY_CERT_ERROR;
+ ret = IPADDR_MISMATCH;
 }
 }
 }
@@ -16863,6 +16863,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
 case DOMAIN_NAME_MISMATCH :
 return "peer subject name mismatch";
+ case IPADDR_MISMATCH :
+ return "peer ip address mismatch";
+
 case WANT_READ :
 case WOLFSSL_ERROR_WANT_READ :
 return "non-blocking socket wants data to be read";
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h
index 864d67b8e..d03db5661 100644
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
@@ -57,7 +57,7 @@ enum wolfSSL_ErrorCodes {
 DOMAIN_NAME_MISMATCH = -322, /* peer subject name mismatch */
 WANT_READ = -323, /* want read, call again */
 NOT_READY_ERROR = -324, /* handshake layer not ready */
-
+ IPADDR_MISMATCH = -325, /* peer ip address mismatch */
 VERSION_ERROR = -326, /* record layer version error */
 WANT_WRITE = -327, /* want write, call again */
 BUFFER_ERROR = -328, /* malformed buffer input */
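Review bot: The three `if (ret == 0)` guards in DoVerifyCallback (this hunk and the ones at -9361 and -9373) record DOMAIN_NAME_MISMATCH or IPADDR_MISMATCH only when no earlier verification error is pending, so a peer certificate that fails another check as well as the name check reports only the first error. If the part of the function outside these hunks lets an application verify callback clear that first error, the name or IP mismatch would presumably never be surfaced; that path is worth confirming and covering with a test. At minimum I would add a comment above each guard such as `/* keep the first error; a name mismatch is reported only if nothing failed earlier */`. Callers that matched these failures as VERIFY_CERT_ERROR also have to learn the two new codes. The function body starts and ends outside the hunks.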
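Review bot: IPADDR_MISMATCH takes -325, a slot the old side shows only as a blank line between -324 and -326; if that value was ever assigned to a code that has since been removed, older logs and any bindings that mirror wolfSSL_ErrorCodes would now read it differently, so please confirm the number was never published. Because this is a public header, the new value also deserves a slightly fuller comment naming where it is raised, for example `/* peer ip address mismatch (set by DoVerifyCallback) */`. The enum continues past the hunk.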