cURL / Mailing Lists / curl-library / Single Mail


Re: Peer review! SecureTransport (native SSL on iOS/OS X) patch

From: Yang Tse <>
Date: Mon, 25 Jun 2012 21:14:01 +0200

On Mon, Jun 25, 2012 at 6:37 PM, Nick Zitzmann <> wrote:
> On Jun 25, 2012, at 9:28 AM, Yang Tse wrote:
>> 6) Function Curl_st_version(). No problem at all and ok to first part
>> of returned literal 'SecureTransport'. But...
>> The slash and numeric version part of the string should not be
>> returned if this libsecurity is actually a system or framework library
>> which cannot be fixed and provided by any other one except apple.
> Okay, so you're saying it should just return "SecureTransport" with no version
> number? I thought the version number might be useful for debugging...

I have an "if" in my sentence above there. It reads "returned _IF_
this". So I'm not asseverating there that we must go one way or the

From what I've been able to look up it seems to me that libsecurity is
indeed a system library code-signed by apple, and updated on users
'devices' nearly at apple's wish with little choice left for user.

We would greatly benefit if some apple users/developers could confirm
or deny my previous paragraph written just above this one.

>> What's the actual availability of libsecurity source code?
> Go to <>, select a version of OS X or iOS, and scroll down until you find a package with a name starting with "Security" with a capital S. That is where you'll find the framework source code.

I've found which
seems to have the sources for libsecurity. Don't know if complete or
not. Info-security_ssl.plist files on those subdirectories, as of
right now, lack CFBundleIdentifier and CFBundleVersion keys which I
believe would be somehow needed to properly generate a versioned

In any case the availability of source code was just a matter of curiosity.


List admin:
Received on 2012-06-25