mirror of
https://github.com/curl/curl.git
synced 2026-07-12 10:27:15 +03:00
darwinssl: Use CopyCertSubject() to check CA cert.
SecCertificateCopyPublicKey() is not available on iPhone. Use CopyCertSubject() instead to see if the certificate returned by SecCertificateCreateWithData() is valid. Reported-by: Toby Peterson
This commit is contained in:
parent
c6ee182bd4
commit
fd1ce3856a
1 changed files with 15 additions and 4 deletions
|
|
@ -1672,14 +1672,25 @@ static int append_cert_to_array(struct SessionHandle *data,
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Check if cacert is valid. */
|
/* Check if cacert is valid. */
|
||||||
SecKeyRef key;
|
CFStringRef subject = CopyCertSubject(cacert);
|
||||||
OSStatus ret = SecCertificateCopyPublicKey(cacert, &key);
|
if(subject) {
|
||||||
if(ret != noErr) {
|
char subject_cbuf[128];
|
||||||
|
memset(subject_cbuf, 0, 128);
|
||||||
|
if(!CFStringGetCString(subject,
|
||||||
|
subject_cbuf,
|
||||||
|
128,
|
||||||
|
kCFStringEncodingUTF8)) {
|
||||||
|
CFRelease(cacert);
|
||||||
|
failf(data, "SSL: invalid CA certificate subject");
|
||||||
|
return CURLE_SSL_CACERT;
|
||||||
|
}
|
||||||
|
CFRelease(subject);
|
||||||
|
}
|
||||||
|
else {
|
||||||
CFRelease(cacert);
|
CFRelease(cacert);
|
||||||
failf(data, "SSL: invalid CA certificate");
|
failf(data, "SSL: invalid CA certificate");
|
||||||
return CURLE_SSL_CACERT;
|
return CURLE_SSL_CACERT;
|
||||||
}
|
}
|
||||||
CFRelease(key);
|
|
||||||
|
|
||||||
CFArrayAppendValue(array, cacert);
|
CFArrayAppendValue(array, cacert);
|
||||||
CFRelease(cacert);
|
CFRelease(cacert);
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue