Index: /trunk/include/iprt/err.h
===================================================================
--- /trunk/include/iprt/err.h	(revision 45397)
+++ /trunk/include/iprt/err.h	(revision 45398)
@@ -1572,12 +1572,20 @@
 /** @name HTTP status codes
  * @{ */
+/** HTTP initialization failed. */
+#define VERR_HTTP_INIT_FAILED                   (-885)
 /** The server has not found anything matching the URI given. */
-#define VERR_HTTP_NOT_FOUND                     (-885)
+#define VERR_HTTP_NOT_FOUND                     (-886)
 /** The request is for something forbidden. Authorization will not help. */
-#define VERR_HTTP_ACCESS_DENIED                 (-886)
+#define VERR_HTTP_ACCESS_DENIED                 (-887)
 /** The server did not understand the request due to bad syntax. */
-#define VERR_HTTP_BAD_REQUEST                   (-887)
-/** Couldn't connect to the server (proxy?) */
-#define VERR_HTTP_COULDNT_CONNECT               (-888)
+#define VERR_HTTP_BAD_REQUEST                   (-888)
+/** Couldn't connect to the server (proxy?). */
+#define VERR_HTTP_COULDNT_CONNECT               (-889)
+/** SSL connection error. */
+#define VERR_HTTP_SSL_CONNECT_ERROR             (-890)
+/** CAcert is missing or has the wrong format. */
+#define VERR_HTTP_CACERT_WRONG_FORMAT           (-891)
+/** Certificate cannot be authenticated with the given CA certificates. */
+#define VERR_HTTP_CACERT_CANNOT_AUTHENTICATE    (-892)
 /** @} */
 
Index: /trunk/include/iprt/http.h
===================================================================
--- /trunk/include/iprt/http.h	(revision 45397)
+++ /trunk/include/iprt/http.h	(revision 45398)
@@ -69,5 +69,6 @@
  * @param    hHttp         HTTP interface handle.
  * @param    pcszUrl       URL.
- * @param    ppszResponse  HTTP response.
+ * @param    ppszResponse  HTTP response. It is guaranteed that this string is
+ *                         '\0'-terminated.
  */
 RTR3DECL(int) RTHttpGet(RTHTTP hHttp, const char *pcszUrl, char **ppszResponse);
Index: /trunk/src/VBox/Runtime/common/misc/http.cpp
===================================================================
--- /trunk/src/VBox/Runtime/common/misc/http.cpp	(revision 45397)
+++ /trunk/src/VBox/Runtime/common/misc/http.cpp	(revision 45398)
@@ -35,4 +35,5 @@
 #include <iprt/string.h>
 #include <iprt/file.h>
+#include <iprt/stream.h>
 
 #include <curl/curl.h>
@@ -90,9 +91,9 @@
     CURLcode rcCurl = curl_global_init(CURL_GLOBAL_ALL);
     if (CURL_FAILED(rcCurl))
-        return VERR_INTERNAL_ERROR;
+        return VERR_HTTP_INIT_FAILED;
 
     CURL *pCurl = curl_easy_init();
     if (!pCurl)
-        return VERR_INTERNAL_ERROR;
+        return VERR_HTTP_INIT_FAILED;
 
     PRTHTTPINTERNAL pHttpInt = (PRTHTTPINTERNAL)RTMemAllocZ(sizeof(RTHTTPINTERNAL));
@@ -237,5 +238,5 @@
                     }
                     else
-                        rc = VERR_INTERNAL_ERROR;
+                        rc = VERR_HTTP_CACERT_WRONG_FORMAT;
                 }
                 else
@@ -243,9 +244,9 @@
             }
             else
-                rc = VERR_INTERNAL_ERROR;
+                rc = VERR_HTTP_CACERT_WRONG_FORMAT;
             X509_free(crt);
         }
         else
-            rc = VERR_INTERNAL_ERROR;
+            rc = VERR_HTTP_CACERT_WRONG_FORMAT;
         BIO_free(cert);
     }
@@ -334,4 +335,5 @@
     else
     {
+        RTPrintf("rcCurl = %d\n", rcCurl);
         switch (rcCurl)
         {
@@ -343,4 +345,16 @@
                 rc = VERR_HTTP_COULDNT_CONNECT;
                 break;
+            case CURLE_SSL_CONNECT_ERROR:
+                rc = VERR_HTTP_SSL_CONNECT_ERROR;
+                break;
+            case CURLE_SSL_CACERT:
+                /* The peer certificate cannot be authenticated with the CA certificates
+                 * set by RTHttpSetCAFile(). We need other or additional CA certificates. */
+                rc = VERR_HTTP_CACERT_CANNOT_AUTHENTICATE;
+                break;
+            case CURLE_SSL_CACERT_BADFILE:
+                /* CAcert file (see RTHttpSetCAFile()) has wrong format */
+                rc = VERR_HTTP_CACERT_WRONG_FORMAT;
+                break;
             default:
                 break;
Index: /trunk/src/VBox/Runtime/testcase/tstHttp.cpp
===================================================================
--- /trunk/src/VBox/Runtime/testcase/tstHttp.cpp	(revision 45397)
+++ /trunk/src/VBox/Runtime/testcase/tstHttp.cpp	(revision 45398)
@@ -66,4 +66,5 @@
         uint8_t *abSha512;
         size_t  cbSha512;
+        size_t cbBuf = strlen(pszBuf);
         const uint8_t abSha1PCA3G5[] =
         {
@@ -82,5 +83,5 @@
             0xd2, 0x6b, 0xa8, 0x9a, 0xf0, 0xb3, 0x6a, 0x01
         };
-        rc = RTHttpCertDigest(hHttp, pszBuf, strlen(pszBuf),
+        rc = RTHttpCertDigest(hHttp, pszBuf, cbBuf,
                               &abSha1, &cbSha1, &abSha512, &cbSha512);
         if (RT_SUCCESS(rc))
@@ -115,5 +116,5 @@
             RTMemFree(abSha512);
             if (RT_SUCCESS(rc))
-                rc = RTStrmWrite(CAFile, pszBuf, strlen(pszBuf));
+                rc = RTStrmWrite(CAFile, pszBuf, cbBuf);
             if (RT_SUCCESS(rc))
                 rc = RTStrmWrite(CAFile, RTFILE_LINEFEED, strlen(RTFILE_LINEFEED));
@@ -137,4 +138,5 @@
         uint8_t *abSha512;
         size_t  cbSha512;
+        size_t  cbBuf = strlen(pszBuf);
         const uint8_t abSha1PCA3[] =
         {
@@ -153,5 +155,5 @@
             0x0a, 0x67, 0x83, 0x87, 0xc5, 0x45, 0xc4, 0x99
         };
-        rc = RTHttpCertDigest(hHttp, pszBuf, strlen(pszBuf),
+        rc = RTHttpCertDigest(hHttp, pszBuf, cbBuf,
                               &abSha1, &cbSha1, &abSha512, &cbSha512);
         if (RT_SUCCESS(rc))
@@ -186,5 +188,5 @@
             RTMemFree(abSha512);
             if (RT_SUCCESS(rc))
-                rc = RTStrmWrite(CAFile, pszBuf, strlen(pszBuf));
+                rc = RTStrmWrite(CAFile, pszBuf, cbBuf);
             if (RT_SUCCESS(rc))
                 rc = RTStrmWrite(CAFile, RTFILE_LINEFEED, strlen(RTFILE_LINEFEED));