cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: A darwinssl-related bug again

From: Vilmos Nebehaj <v.nebehaj_at_gmail.com>
Date: Fri, 29 Aug 2014 12:55:24 +0200

On Fri, Aug 29, 2014 at 1:56 AM, Nick Zitzmann <nick_at_chronosnet.com> wrote:
>
> On Aug 28, 2014, at 6:02 PM, Vilmos Nebehaj <v.nebehaj_at_gmail.com> wrote:
>
>> The comment about wildcard certificates was a red herring it seems.
>>
>> The problem is that if the user via --cacert supplies a certificate
>> bundle with multiple CA certificates in it, curl_darwinssl.c will only
>> use the first one.
>>
>> For a fix, see https://github.com/ldx/curl/tree/darwinsslfix
>>
>> Can someone confirm this works? I tested it on OS X 10.9 with
>> - the cacerts.pem bundle from the ticket,
>> - a cert file containing only one cert and
>> - a DER cert file.
>
> Great! I can confirm that this works with the PEM bundle in the bug report.
>
> Could you please clean up the compiler warnings, fix the code style issues (which you can see by building the project with --enable-debug specified), remove the "SSL: parsing CA certificate file" and "SSL: certificate verification succeeded" verbose log messages, and then submit a pull request?

Here it is:

https://github.com/bagder/curl/pull/114

Thanks Nick!

Cheers,
Vilmos

> Thanks!
>
> Nick Zitzmann
> <http://www.chronosnet.com/>
>
>
>
>
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-08-29