Propagate all errors to the (old) ICertificatePolicy or (newer) callback. Fix bug...

diff --git a/mcs/class/System/System.Net/ServicePointManager.cs b/mcs/class/System/System.Net/ServicePointManager.cs
index aad375d0a702252b10784b6171bd755e62d2f53f..fda1a7b125c252d3c2a63bf689a4a559dec4204b 100644 (file)
--- a/mcs/class/System/System.Net/ServicePointManager.cs
+++ b/mcs/class/System/System.Net/ServicePointManager.cs
@@ -501,7 +501,7 @@ namespace System.Net
 #endif
                                        // Attempt to use OSX certificates
                                        // Ideally we should return the SecTrustResult
-                                       MSX.OSX509Certificates.SecTrustResult trustResult;
+                                       MSX.OSX509Certificates.SecTrustResult trustResult = MSX.OSX509Certificates.SecTrustResult.Deny;
                                        try {
                                                trustResult = MSX.OSX509Certificates.TrustEvaluateSsl (certs);
                                                // We could use the other values of trustResult to pass this extra information
@@ -516,6 +516,10 @@ namespace System.Net
                                        if (result) {
                                                status11 = 0;
                                                errors = 0;
+                                       } else {
+                                               // callback and DefaultCertificatePolicy needs this since 'result' is not specified
+                                               status11 = (int) trustResult;
+                                               errors |= SslPolicyErrors.RemoteCertificateChainErrors;
                                        }
 #if !MONOTOUCH
                                }