diff options
author | Per Malmberg <per.malmberg@snowsoftware.com> | 2016-05-12 12:16:16 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2016-05-12 21:37:38 +0200 |
commit | 3cf339901e6fc28705f3b64a56e0a15fa65de117 (patch) | |
tree | e2de1de3fe6ec2cd7fcc6b04fc028f59681028fb | |
parent | 0761a51ee0551ad9e523cbdba24ce00d22fff9c1 (diff) |
darwinssl: fix certificate verification disable on OS X 10.8
The new way of disabling certificate verification doesn't work on
Mountain Lion (OS X 10.8) so we need to use the old way in that version
too. I've tested this solution on versions 10.7.5, 10.8, 10.9, 10.10.2
and 10.11.
Closes #802
-rw-r--r-- | lib/vtls/darwinssl.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c index 384f9d958..c2f8476d4 100644 --- a/lib/vtls/darwinssl.c +++ b/lib/vtls/darwinssl.c @@ -1281,14 +1281,21 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn, #if CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS /* Snow Leopard introduced the SSLSetSessionOption() function, but due to a library bug with the way the kSSLSessionOptionBreakOnServerAuth flag - works, it doesn't work as expected under Snow Leopard or Lion. + works, it doesn't work as expected under Snow Leopard, Lion or + Mountain Lion. So we need to call SSLSetEnableCertVerify() on those older cats in order to disable certificate validation if the user turned that off. (SecureTransport will always validate the certificate chain by - default.) */ - /* (Note: Darwin 12.x.x is Mountain Lion.) */ + default.) + Note: + Darwin 11.x.x is Lion (10.7) + Darwin 12.x.x is Mountain Lion (10.8) + Darwin 13.x.x is Maverik (10.9) + Darwin 14.x.x is Yosemite (10.10) + Darwin 15.x.x is El Capitan (10.11) + */ #if CURL_BUILD_MAC - if(SSLSetSessionOption != NULL && darwinver_maj >= 12) { + if(SSLSetSessionOption != NULL && darwinver_maj >= 13) { #else if(SSLSetSessionOption != NULL) { #endif /* CURL_BUILD_MAC */ |