curl-library

Re: A darwinssl-related bug again

From: Toby Peterson <toby_at_apple.com>
Date: Tue, 02 Sep 2014 16:16:23 -0700

On Aug 29, 2014, at 03:55, Vilmos Nebehaj <v.nebehaj_at_gmail.com> wrote:
>
> On Fri, Aug 29, 2014 at 1:56 AM, Nick Zitzmann <nick_at_chronosnet.com> wrote:
>>
>> On Aug 28, 2014, at 6:02 PM, Vilmos Nebehaj <v.nebehaj_at_gmail.com> wrote:
>>
>>> The comment about wildcard certificates was a red herring it seems.
>>>
>>> The problem is that if the user via --cacert supplies a certificate
>>> bundle with multiple CA certificates in it, curl_darwinssl.c will only
>>> use the first one.
>>>
>>> For a fix, see https://github.com/ldx/curl/tree/darwinsslfix
>>>
>>> Can someone confirm this works? I tested it on OS X 10.9 with
>>> - the cacerts.pem bundle from the ticket,
>>> - a cert file containing only one cert and
>>> - a DER cert file.
>>
>> Great! I can confirm that this works with the PEM bundle in the bug report.
>>
>> Could you please clean up the compiler warnings, fix the code style issues (which you can see by building the project with --enable-debug specified), remove the "SSL: parsing CA certificate file" and "SSL: certificate verification succeeded" verbose log messages, and then submit a pull request?
>
> Here it is:
>
> https://github.com/bagder/curl/pull/114
>
> Thanks Nick!

Quick followup. 4c134bc seems to function as intended - thanks! However, the second change (0426670) breaks the build on iOS, because SecCertificateCopyPublicKey is not available. I'm not aware of a good replacement, unfortunately. #ifdef'ing that check out works, of course.

- Toby

>
> Cheers,
> Vilmos
>
>> Thanks!
>>
>> Nick Zitzmann
>> <http://www.chronosnet.com/>
>>
>> -------------------------------------------------------------------
>> List admin: http://cool.haxx.se/list/listinfo/curl-library
>> Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2014-09-03
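
The bundle handling discussed in this thread, as an added example that is not part of the original mail or of curl's own code: a C routine that walks a `--cacert`-style PEM bundle and collects every certificate block rather than only the first. The function name, the struct and the sample bundle are assumptions made for illustration; the sample blocks are constructed placeholders, not real certificates.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Base64 text of one certificate, markers excluded (hypothetical type). */
struct pem_span { const char *body; size_t len; };

/* Collect every certificate block in a NUL-terminated PEM bundle.
 * Returns the number of blocks found. 0 means no PEM markers were seen,
 * so the caller should treat the file as a single DER certificate.
 * Returns -1 if a block is unterminated or `out` is too small, so a
 * damaged bundle is rejected instead of being silently shortened. */
static int pem_bundle_split(const char *pem, struct pem_span *out, size_t max)
{
  size_t n = 0;
  const char *p = pem;

  while((p = strstr(p, PEM_BEGIN)) != NULL) {
    const char *body = p + strlen(PEM_BEGIN);
    const char *end = strstr(body, PEM_END);
    if(!end || n == max)
      return -1;
    out[n].body = body;
    out[n].len = (size_t)(end - body);
    n++;
    p = end + strlen(PEM_END); /* continue so later CAs are not dropped */
  }
  return (int)n;
}

/* Constructed sample: three placeholder blocks with comment lines between. */
static const char sample_bundle[] =
  "# Root A\n" PEM_BEGIN "\nQUFB\n" PEM_END "\n"
  "# Root B\n" PEM_BEGIN "\nQkJC\n" PEM_END "\n"
  "# Root C\n" PEM_BEGIN "\nQ0ND\n" PEM_END "\n";

int main(void)
{
  struct pem_span certs[8];
  int n = pem_bundle_split(sample_bundle, certs, 8);
  printf("bundle holds %d certificate blocks\n", n);
  return n == 3 ? 0 : 1;
}
```

Each collected span would then be base64-decoded to DER and added to the set of trust anchors; the three inputs Vilmos lists (multi-cert bundle, single-cert file, DER file) correspond to return values greater than 1, equal to 1, and 0.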