From 3cffcba3d0cf78a2aa17197059f810f5a7ce05a5 Mon Sep 17 00:00:00 2001
From: Quinn Slack <sqs@cs.stanford.edu>
Date: Wed, 9 Feb 2011 23:34:30 +0100
Subject: [PATCH] CURLE_TLSAUTH_FAILED: removed

On second thought, I think CURLE_TLSAUTH_FAILED should be eliminated. It
was only being raised when an internal error occurred while allocating
or setting the GnuTLS SRP client credentials struct. For TLS
authentication failures, the general CURLE_SSL_CONNECT_ERROR seems
appropriate; its error string already includes "passwords" as a possible
cause. Having a separate TLS auth error code might also cause people to
think that a TLS auth failure means the wrong username or password was
entered, when it could also be a sign of a man-in-the-middle attack.
---
 docs/libcurl/symbols-in-versions | 1 -
 include/curl/curl.h              | 1 -
 lib/gtls.c                       | 4 ++--
 lib/strerror.c                   | 3 ---
 4 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions
index bbd629d..bacf527 100644
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@@ -123,7 +123,6 @@ CURLE_TFTP_NOSUCHUSER           7.15.0
 CURLE_TFTP_NOTFOUND             7.15.0
 CURLE_TFTP_PERM                 7.15.0
 CURLE_TFTP_UNKNOWNID            7.15.0
-CURLE_TLSAUTH_FAILED            7.21.4
 CURLE_TOO_MANY_REDIRECTS        7.5
 CURLE_UNKNOWN_TELNET_OPTION     7.7
 CURLE_UNSUPPORTED_PROTOCOL      7.1
diff --git a/include/curl/curl.h b/include/curl/curl.h
index bf65420..4744f48 100644
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -502,7 +502,6 @@ typedef enum {
   CURLE_RTSP_SESSION_ERROR,      /* 86 - mismatch of RTSP Session Identifiers */
   CURLE_FTP_BAD_FILE_LIST,       /* 87 - unable to parse FTP file list */
   CURLE_CHUNK_FAILED,            /* 88 - chunk callback reported error */
-  CURLE_TLSAUTH_FAILED,          /* 89 - Failed TLS authentication */
 
   CURL_LAST /* never use! */
 } CURLcode;
diff --git a/lib/gtls.c b/lib/gtls.c
index 89174ed..71ceb34 100644
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -354,7 +354,7 @@ gtls_connect_step1(struct connectdata *conn,
     if(rc != GNUTLS_E_SUCCESS) {
       failf(data, "gnutls_srp_allocate_client_cred() failed: %s",
             gnutls_strerror(rc));
-      return CURLE_TLSAUTH_FAILED;
+      return CURLE_OUT_OF_MEMORY;
     }
 
     rc = gnutls_srp_set_client_credentials(conn->ssl[sockindex].srp_client_cred,
@@ -363,7 +363,7 @@ gtls_connect_step1(struct connectdata *conn,
     if(rc != GNUTLS_E_SUCCESS) {
       failf(data, "gnutls_srp_set_client_cred() failed: %s",
             gnutls_strerror(rc));
-      return CURLE_TLSAUTH_FAILED;
+      return CURLE_BAD_FUNCTION_ARGUMENT;
     }
   }
 #endif
diff --git a/lib/strerror.c b/lib/strerror.c
index 6b67a87..a88cdc4 100644
--- a/lib/strerror.c
+++ b/lib/strerror.c
@@ -281,9 +281,6 @@ curl_easy_strerror(CURLcode error)
   case CURLE_CHUNK_FAILED:
     return "Chunk callback failed";
 
-  case CURLE_TLSAUTH_FAILED:
-    return "TLS Authentication failed";
-
     /* error codes not used by current libcurl */
   case CURLE_OBSOLETE4:
   case CURLE_OBSOLETE10:
-- 
2.7.4