curl/lib/vtls
Stefan Eissing 6aa8fa3fdf
apple-sectrust: always ask when native_ca_store is in use
When OpenSSL fails to verify the peer certificate, we checked for
one specific reason code and did not ask Apple SecTrust for any
other failure.

Always ask Apple SecTrust after OpenSSL fails when the `native_ca_store`
is enabled. If the user configures a CAfile or CApath, the native store
is disabled, so this does not affect use cases where users ask curl
to use a specific set of trust anchors.

Do the same for GnuTLS

Fixes #19636
Reported-by: ffath-vo on github
Closes #19638
2025-11-21 14:02:46 +01:00
apple.c badwords: check indented lines in source code, fix fallouts 2025-11-15 13:25:02 +01:00
apple.h apple sectrust: add to features 2025-10-16 10:58:45 +02:00
cipher_suite.c lib: stop overriding system printf symbols 2025-10-06 20:57:59 +02:00
cipher_suite.h TLS: remove support for Secure Transport and BearSSL 2025-06-11 07:54:19 +02:00
gtls.c apple-sectrust: always ask when native_ca_store is in use 2025-11-21 14:02:46 +01:00
gtls.h ssl: support Apple SecTrust configurations 2025-10-03 12:02:23 +02:00
hostcheck.c tidy-up: more whitespace/indent, comments 2025-07-25 11:47:51 +02:00
hostcheck.h openssl: some small cleanups 2025-07-18 00:40:26 +02:00
keylog.c build: avoid overriding system symbols for fopen functions 2025-09-30 01:10:36 +02:00
keylog.h spelling: 'a' vs 'an' 2025-05-30 11:38:35 +02:00
mbedtls.c code: minor indent fixes before closing braces 2025-11-13 17:27:40 +01:00
mbedtls.h lib: include files using known path 2025-04-08 17:00:00 +02:00
mbedtls_threadlock.c lib: stop overriding system printf symbols 2025-10-06 20:57:59 +02:00
mbedtls_threadlock.h lib: include files using known path 2025-04-08 17:00:00 +02:00
openssl.c apple-sectrust: always ask when native_ca_store is in use 2025-11-21 14:02:46 +01:00
openssl.h openssl: bump minimum OpenSSL version to 3.0.0 2025-11-15 15:56:31 +01:00
rustls.c tidy-up: miscellaneous 2025-11-17 13:32:43 +01:00
rustls.h lib: include files using known path 2025-04-08 17:00:00 +02:00
schannel.c tidy-up: miscellaneous 2025-11-17 13:32:43 +01:00
schannel.h openssl: BoringSSL / AWS-LC tidy-ups 2025-08-24 00:30:06 +02:00
schannel_int.h build: drop support for VS2008 (Windows) 2025-11-15 15:56:19 +01:00
schannel_verify.c schannel_verify: fix a memory leak of cert_context 2025-11-17 14:42:21 +01:00
vtls.c badwords: check indented lines in source code, fix fallouts 2025-11-15 13:25:02 +01:00
vtls.h vtls: handle possible malicious certs_num from peer 2025-11-08 10:33:06 +01:00
vtls_int.h vtls_int.h: clarify data_pending 2025-09-21 09:43:28 +02:00
vtls_scache.c build: drop Windows CE / CeGCC support 2025-11-15 15:35:23 +01:00
vtls_scache.h ssl-session-cache: check use on config and availability 2025-10-29 03:07:59 -04:00
vtls_spack.c build: drop support for VS2008 (Windows) 2025-11-15 15:56:19 +01:00
vtls_spack.h build: fix build errors/warnings in rare configurations 2025-07-23 22:17:03 +02:00
wolfssl.c wolfssl: fix a potential memory leak of session 2025-11-16 23:32:41 +01:00
wolfssl.h GHA/checksrc: expand spellcheck, fix issues found 2025-07-21 16:09:01 +02:00
x509asn1.c lib: cleanup for some typos about spaces and code style 2025-11-05 14:07:28 +01:00
x509asn1.h build: address some -Weverything warnings, update picky warnings 2025-09-20 10:16:15 +02:00