From f099c2ca55652e1694188937808d77ebfe2f1df4 Mon Sep 17 00:00:00 2001
From: Stefan Eissing
Date: Wed, 17 Dec 2025 12:31:39 +0100
Subject: [PATCH] apple sectrust: fix ancient evaluation

On versions before macOS 10.14, ios 12 and watchos 5, check the evaluation code to return the error from evaluation.

Reported-by: Stanislav Fort
Closes #20074
---
 lib/vtls/apple.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/vtls/apple.c b/lib/vtls/apple.c
index 0b81e95e86..9779e11eaa 100644
--- a/lib/vtls/apple.c
+++ b/lib/vtls/apple.c
@@ -261,12 +261,17 @@ CURLcode Curl_vtls_apple_verify(struct Curl_cfilter *cf,
 if(status != noErr) {
 failf(data, "Apple SecTrust verification failed: error %i",
 (int)status);
+ result = CURLE_PEER_FAILED_VERIFICATION;
 }
 else if((sec_result == kSecTrustResultUnspecified) ||
 (sec_result == kSecTrustResultProceed)) {
 /* "unspecified" means system-trusted with no explicit user setting */
 result = CURLE_OK;
 }
+ else {
+ /* Any other trust result is a verification failure in this context */
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ }
 #endif /* REQUIRES_SecTrustEvaluateWithError */
 }
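Review bot: The new `else` branch rejects the peer without emitting any diagnostic, so when the legacy evaluation returns a trust result other than "unspecified" or "proceed" the user gets a bare verification error with no `sec_result` value to investigate. Adding `failf(data, "Apple SecTrust verification failed: trust result %i", (int)sec_result);` before the assignment would match the message already produced in the `status != noErr` branch. The two added assignments also suggest that `result` did not fail closed on this path before the change; its initialisation is outside this hunk, so it is worth confirming that it starts as an error code, so that a branch added later cannot fall through as success. The body of Curl_vtls_apple_verify starts and ends outside the hunk.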