aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPer Malmberg <per.malmberg@snowsoftware.com>2016-05-12 12:16:16 +0200
committerDaniel Stenberg <daniel@haxx.se>2016-05-12 21:37:38 +0200
commit3cf339901e6fc28705f3b64a56e0a15fa65de117 (patch)
treee2de1de3fe6ec2cd7fcc6b04fc028f59681028fb
parent0761a51ee0551ad9e523cbdba24ce00d22fff9c1 (diff)
darwinssl: fix certificate verification disable on OS X 10.8
The new way of disabling certificate verification doesn't work on Mountain Lion (OS X 10.8) so we need to use the old way in that version too. I've tested this solution on versions 10.7.5, 10.8, 10.9, 10.10.2 and 10.11. Closes #802
-rw-r--r--lib/vtls/darwinssl.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c
index 384f9d958..c2f8476d4 100644
--- a/lib/vtls/darwinssl.c
+++ b/lib/vtls/darwinssl.c
@@ -1281,14 +1281,21 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
#if CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS
/* Snow Leopard introduced the SSLSetSessionOption() function, but due to
a library bug with the way the kSSLSessionOptionBreakOnServerAuth flag
- works, it doesn't work as expected under Snow Leopard or Lion.
+ works, it doesn't work as expected under Snow Leopard, Lion or
+ Mountain Lion.
So we need to call SSLSetEnableCertVerify() on those older cats in order
to disable certificate validation if the user turned that off.
(SecureTransport will always validate the certificate chain by
- default.) */
- /* (Note: Darwin 12.x.x is Mountain Lion.) */
+ default.)
+ Note:
+ Darwin 11.x.x is Lion (10.7)
+ Darwin 12.x.x is Mountain Lion (10.8)
+ Darwin 13.x.x is Maverik (10.9)
+ Darwin 14.x.x is Yosemite (10.10)
+ Darwin 15.x.x is El Capitan (10.11)
+ */
#if CURL_BUILD_MAC
- if(SSLSetSessionOption != NULL && darwinver_maj >= 12) {
+ if(SSLSetSessionOption != NULL && darwinver_maj >= 13) {
#else
if(SSLSetSessionOption != NULL) {
#endif /* CURL_BUILD_MAC */