@@ -8380,6 +8380,48 @@ TEST(SSLClientTest, ErrorReportingWhenInvalid) {
83808380 EXPECT_EQ (Error::SSLConnection, res.error ());
83818381}
83828382
8383+ TEST (SSLClientTest, Issue2251_SwappedClientCertAndKey) {
8384+ // Test for Issue #2251: SSL error not properly reported when client cert
8385+ // and key paths are swapped or mismatched
8386+ // This simulates the scenario where user accidentally swaps the cert and key
8387+ // files
8388+
8389+ // Using client cert file as private key and vice versa (completely wrong)
8390+ SSLClient cli (" localhost" 8080 , " client.key.pem" " client.cert.pem"
8391+
8392+ // Should fail validation due to cert/key mismatch
8393+ ASSERT_FALSE (cli.is_valid ());
8394+
8395+ // Attempt to make a request should fail with proper error
8396+ auto res = cli.Get (" /"
8397+ ASSERT_FALSE (res);
8398+ EXPECT_EQ (Error::SSLConnection, res.error ());
8399+
8400+ // SSL error should be recorded in the Result object (this is the key fix for
8401+ // Issue #2251)
8402+ auto openssl_error = res.ssl_openssl_error ();
8403+ EXPECT_NE (0u , openssl_error);
8404+ }
8405+
8406+ TEST (SSLClientTest, Issue2251_ClientCertFileNotMatchingKey) {
8407+ // Another variant: using valid file paths but with mismatched cert/key pair
8408+ // This tests the case where files exist but contain incompatible key material
8409+
8410+ // Using client cert with wrong key (cert2 key)
8411+ SSLClient cli (" localhost" 8080 , " client.cert.pem" " key.pem"
8412+
8413+ // Should fail validation
8414+ ASSERT_FALSE (cli.is_valid ());
8415+
8416+ auto res = cli.Get (" /"
8417+ ASSERT_FALSE (res);
8418+ // Must report error properly, not appear as success
8419+ EXPECT_EQ (Error::SSLConnection, res.error ());
8420+
8421+ // OpenSSL error should be captured in Result
8422+ EXPECT_NE (0u , res.ssl_openssl_error ());
8423+ }
8424+
83838425#if 0
83848426TEST(SSLClientTest, SetInterfaceWithINET6) {
83858427 auto cli = std::make_shared<httplib::Client>("https://httpbin.org");
0 commit comments