Mid-handshake errors that occur before certificate verification currently look like this:

Despite no certificate even being received yet, the error complains about a failed verification. The cause here is that `cert verification failed` is only omitted if the verification result is `OK`. The default in BoringSSL before verification runs is `INVALID_CALL`, however.

`INVALID_CALL` is set/returned in these places:

It is not used anywhere else as a verification result code. To improve the error message, this commit adds `INVALID_CALL` as a verification result for which no additional error is displayed.