generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

darwinssl: fixed for older Mac OS X versions

Browse Source 
SSL didn't work on older cats if built on a newer cat with weak-linking
turned on to support the older cat
This commit is contained in:
Nick Zitzmann 2012-09-07 20:01:08 -06:00 committed by Daniel Stenberg
parent 8b5d050267
commit badb81769a
1 changed files with 45 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
lib/curl_darwinssl.c
View File

@ -614,7 +614,17 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
}
}
else {
#elif TARGET_OS_EMBEDDED == 0
#if TARGET_OS_EMBEDDED == 0 /* the older API does not exist on iOS */
if(connssl->ssl_ctx)
(void)SSLDisposeContext(connssl->ssl_ctx);
err = SSLNewContext(false, &(connssl->ssl_ctx));
if(err != noErr) {
failf(data, "SSL: couldn't create a context: OSStatus %d", err);
return CURLE_OUT_OF_MEMORY;
}
#endif /* TARGET_OS_EMBEDDED == 0 */
}
#else
if(connssl->ssl_ctx)
(void)SSLDisposeContext(connssl->ssl_ctx);
err = SSLNewContext(false, &(connssl->ssl_ctx));
@ -623,9 +633,6 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
return CURLE_OUT_OF_MEMORY;
}
#endif /* defined(__MAC_10_8) || defined(__IPHONE_5_0) */
#if defined(__MAC_10_8) || defined(__IPHONE_5_0)
}
#endif /* defined(__MAC_10_8) || defined(__IPHONE_5_0) */
/* check to see if we've been told to use an explicit SSL/TLS version */
#if defined(__MAC_10_8) || defined(__IPHONE_5_0)
@ -740,7 +747,16 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
}
}
else {
#elif TARGET_OS_EMBEDDED == 0
#if TARGET_OS_EMBEDDED == 0
err = SSLSetEnableCertVerify(connssl->ssl_ctx,
data->set.ssl.verifypeer?true:false);
if(err != noErr) {
failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err);
return CURLE_SSL_CONNECT_ERROR;
}
#endif /* TARGET_OS_EMBEDDED == 0 */
}
#else
err = SSLSetEnableCertVerify(connssl->ssl_ctx,
data->set.ssl.verifypeer?true:false);
if(err != noErr) {
@ -748,9 +764,6 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
return CURLE_SSL_CONNECT_ERROR;
}
#endif /* defined(__MAC_10_6) || defined(__IPHONE_5_0) */
#if defined(__MAC_10_6) || defined(__IPHONE_5_0)
}
#endif /* defined(__MAC_10_6) || defined(__IPHONE_5_0) */
/* If this is a domain name and not an IP address, then configure SNI: */
if((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
@ -889,7 +902,7 @@ darwinssl_connect_step3(struct connectdata *conn,
* Well, okay, if verbose mode is on, let's print the details of the
* server certificates. */
#if defined(__MAC_10_7) || defined(__IPHONE_5_0)
if(SecTrustGetCertificateCount != NULL) {
if(SecTrustEvaluateAsync != NULL) {
#pragma unused(server_certs)
err = SSLCopyPeerTrust(connssl->ssl_ctx, &trust);
if(err == noErr) {
@ -910,7 +923,29 @@ darwinssl_connect_step3(struct connectdata *conn,
}
}
else {
#elif TARGET_OS_EMBEDDED == 0
#if TARGET_OS_EMBEDDED == 0
err = SSLCopyPeerCertificates(connssl->ssl_ctx, &server_certs);
if(err == noErr) {
count = CFArrayGetCount(server_certs);
for(i = 0L ; i < count ; i++) {
server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs,
i);
server_cert_summary = SecCertificateCopySubjectSummary(server_cert);
memset(server_cert_summary_c, 0, 128);
if(CFStringGetCString(server_cert_summary,
server_cert_summary_c,
128,
kCFStringEncodingUTF8)) {
infof(data, "Server certificate: %s\n", server_cert_summary_c);
}
CFRelease(server_cert_summary);
}
CFRelease(server_certs);
}
#endif /* TARGET_OS_EMBEDDED == 0 */
}
#else
#pragma unused(trust)
err = SSLCopyPeerCertificates(connssl->ssl_ctx, &server_certs);
if(err == noErr) {
@ -931,9 +966,6 @@ darwinssl_connect_step3(struct connectdata *conn,
CFRelease(server_certs);
}
#endif /* defined(__MAC_10_7) || defined(__IPHONE_5_0) */
#if defined(__MAC_10_7) || defined(__IPHONE_5_0)
}
#endif /* defined(__MAC_10_7) || defined(__IPHONE_5_0) */
connssl->connecting_state = ssl_connect_done;
return CURLE_OK;