authorVilmos Nebehaj <v.nebehaj@gmail.com>2014-09-03 11:39:16 +0200
committerNick Zitzmann <nickzman@gmail.com>2014-09-04 19:00:02 -0500
commitfd1ce3856a77981ffe5e9d83b1843374e5a88d58 (patch)
tree8264f68ab562b07f3adde18e6fbdba84a94ad130
parentc6ee182bd4b9c18f05efedf896acf61f52e6ec8c (diff)
darwinssl: Use CopyCertSubject() to check CA cert.
SecCertificateCopyPublicKey() is not available on iPhone. Use CopyCertSubject() instead to see if the certificate returned by SecCertificateCreateWithData() is valid. Reported-by: Toby Peterson
-rw-r--r--lib/vtls/curl_darwinssl.c19
1 files changed, 15 insertions, 4 deletions
diff --git a/lib/vtls/curl_darwinssl.c b/lib/vtls/curl_darwinssl.c
index 372635747..f229c6fe2 100644
--- a/lib/vtls/curl_darwinssl.c
+++ b/lib/vtls/curl_darwinssl.c
@@ -1672,14 +1672,25 @@ static int append_cert_to_array(struct SessionHandle *data,
}
/* Check if cacert is valid. */
- SecKeyRef key;
- OSStatus ret = SecCertificateCopyPublicKey(cacert, &key);
- if(ret != noErr) {
+ CFStringRef subject = CopyCertSubject(cacert);
+ if(subject) {
+ char subject_cbuf[128];
+ memset(subject_cbuf, 0, 128);
+ if(!CFStringGetCString(subject,
+ subject_cbuf,
+ 128,
+ kCFStringEncodingUTF8)) {
+ CFRelease(cacert);
+ failf(data, "SSL: invalid CA certificate subject");
+ return CURLE_SSL_CACERT;
+ }
+ CFRelease(subject);
+ }
+ else {
CFRelease(cacert);
failf(data, "SSL: invalid CA certificate");
return CURLE_SSL_CACERT;
}
- CFRelease(key);
CFArrayAppendValue(array, cacert);
CFRelease(cacert);
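Review bot: The new `CFStringGetCString` failure branch releases `cacert` and returns `CURLE_SSL_CACERT` without releasing `subject`, so the string from `CopyCertSubject()` leaks on that path; the `CFRelease(subject);` on the success path indicates the caller owns it. Add `CFRelease(subject);` before `CFRelease(cacert);` in that branch. Separately, `CFStringGetCString` also fails when the output does not fit, so a CA certificate whose subject needs more than 127 UTF-8 bytes would be reported as "invalid CA certificate subject" even though it parsed; since `subject_cbuf` is never read afterwards, testing `subject` for NULL alone looks sufficient, and if the buffer stays, `sizeof(subject_cbuf)` is safer than repeating the literal `128`. A readable subject is also a weaker signal than the public-key extraction it replaces, so a comment such as `/* Sanity check only: trust is decided by the later chain evaluation. */` would stop readers treating this as validation. `append_cert_to_array` begins and ends outside the hunk, so its other exit paths are not visible here.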