authorDaniel Gustafsson <daniel@yesql.se>2017-02-05 10:26:07 +0100
committerJay Satiro <raysatiro@yahoo.com>2017-02-07 02:39:14 -0500
commit3509aa8023e394710a30b18d367f3fa0a9e57796 (patch)
tree3ecf9f2b7351366d7b623001af360171f0e313dd
parent18495ecaccf936a9d7d6c96c08c644ceda83bd00 (diff)
darwinssl: Avoid parsing certificates when not in verbose mode
The information extracted from the server certificates in step 3 is only used when in verbose mode, and there is no error handling or validation performed as that has already been done. Only run the certificate information extraction when in verbose mode and libcurl was built with verbose strings. Closes https://github.com/curl/curl/pull/1246
-rw-r--r--lib/vtls/darwinssl.c33
1 files changed, 27 insertions, 6 deletions
diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c
index 69cf11a2f..050bf960b 100644
--- a/lib/vtls/darwinssl.c
+++ b/lib/vtls/darwinssl.c
@@ -219,6 +219,7 @@ static OSStatus SocketWrite(SSLConnectionRef connection,
return ortn;
}
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
CF_INLINE const char *SSLCipherNameForNumber(SSLCipherSuite cipher)
{
switch(cipher) {
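Review bot: Any call to SSLCipherNameForNumber or TLSCipherNameForNumber that is still compiled when CURL_DISABLE_VERBOSE_STRINGS is defined will now fail to build, because the guard opened here (and closed in the next hunk) removes both definitions. The call sites are outside this diff, so confirm that each one is an argument to a logging macro that compiles away in that configuration, or sits under the same `#ifndef`. A short comment on the opening line, such as `/* cipher-name tables are only used for verbose output */`, would record why the guard is safe.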
@@ -776,6 +777,7 @@ CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher)
}
return "TLS_NULL_WITH_NULL_NULL";
}
+#endif /* !CURL_DISABLE_VERBOSE_STRINGS */
#if CURL_BUILD_MAC
CF_INLINE void GetDarwinVersionNumber(int *major, int *minor)
@@ -2037,9 +2039,11 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex)
}
}
-static CURLcode
-darwinssl_connect_step3(struct connectdata *conn,
- int sockindex)
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+/* This should be called during step3 of the connection at the earliest */
+static void
+show_verbose_server_cert(struct connectdata *conn,
+ int sockindex)
{
struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
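Review bot: The comment above show_verbose_server_cert says when to call it but not that it is display-only, which is the property a later maintainer most needs to know. The commit message states that no error handling or validation happens here because it was done earlier; the code should say so too, for example `/* Prints the server certificate chain for verbose output only. Performs no validation and must never affect the connection result; call from step 3 or later. */`. The return type changing to `void` supports this contract, so the comment only makes it explicit. The function body continues outside this hunk.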
@@ -2051,9 +2055,9 @@ darwinssl_connect_step3(struct connectdata *conn,
CFIndex i, count;
SecTrustRef trust = NULL;
- /* There is no step 3!
- * Well, okay, if verbose mode is on, let's print the details of the
- * server certificates. */
+ if(!connssl->ssl_ctx)
+ return;
+
#if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS
#if CURL_BUILD_IOS
#pragma unused(server_certs)
@@ -2150,6 +2154,23 @@ darwinssl_connect_step3(struct connectdata *conn,
CFRelease(server_certs);
}
#endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */
+}
+#endif /* !CURL_DISABLE_VERBOSE_STRINGS */
+
+static CURLcode
+darwinssl_connect_step3(struct connectdata *conn,
+ int sockindex)
+{
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+ /* There is no step 3!
+ * Well, okay, if verbose mode is on, let's print the details of the
+ * server certificates. */
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+ if(data->set.verbose)
+ show_verbose_server_cert(conn, sockindex);
+#endif
connssl->connecting_state = ssl_connect_done;
return CURLE_OK;
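Review bot: In the new darwinssl_connect_step3, `data` is read only inside the `#ifndef CURL_DISABLE_VERBOSE_STRINGS` block, so a build with that macro defined leaves it as an unused local. That produces an unused-variable warning and breaks builds that treat warnings as errors, which is exactly the configuration this commit is meant to support. Dropping the local and testing `if(conn->data->set.verbose)` inside the guard avoids the problem without a second `#ifndef` around the declaration. The closing brace of the function lies outside the hunk.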