generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

darwinssl: Use CopyCertSubject() to check CA cert.

Browse Source 
SecCertificateCopyPublicKey() is not available on iPhone. Use
CopyCertSubject() instead to see if the certificate returned by
SecCertificateCreateWithData() is valid.

Reported-by: Toby Peterson
This commit is contained in:
Vilmos Nebehaj 2014-09-03 11:39:16 +02:00 committed by Nick Zitzmann
parent c6ee182bd4
commit fd1ce3856a
1 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
lib/vtls/curl_darwinssl.c
View File

@ -1672,14 +1672,25 @@ static int append_cert_to_array(struct SessionHandle *data,
} }
/* Check if cacert is valid. */ /* Check if cacert is valid. */
SecKeyRef key; CFStringRef subject = CopyCertSubject(cacert);
OSStatus ret = SecCertificateCopyPublicKey(cacert, &key); if(subject) {
if(ret != noErr) { char subject_cbuf[128];
memset(subject_cbuf, 0, 128);
if(!CFStringGetCString(subject,
subject_cbuf,
128,
kCFStringEncodingUTF8)) {
CFRelease(cacert);
failf(data, "SSL: invalid CA certificate subject");
return CURLE_SSL_CACERT;
}
CFRelease(subject);
}
else {
CFRelease(cacert); CFRelease(cacert);
failf(data, "SSL: invalid CA certificate"); failf(data, "SSL: invalid CA certificate");
return CURLE_SSL_CACERT; return CURLE_SSL_CACERT;
} }
CFRelease(key);
CFArrayAppendValue(array, cacert); CFArrayAppendValue(array, cacert);
CFRelease(cacert); CFRelease(cacert);