aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/curl_darwinssl.c45
1 files changed, 39 insertions, 6 deletions
diff --git a/lib/curl_darwinssl.c b/lib/curl_darwinssl.c
index 827c876e0..e81e7a637 100644
--- a/lib/curl_darwinssl.c
+++ b/lib/curl_darwinssl.c
@@ -360,6 +360,7 @@ CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher) {
case TLS_DH_anon_WITH_AES_256_CBC_SHA:
return "TLS_DH_anon_WITH_AES_256_CBC_SHA";
break;
+#if defined(__MAC_10_6) || defined(__IPHONE_5_0)
/* TLS 1.0 with ECDSA (RFC 4492) */
case TLS_ECDH_ECDSA_WITH_NULL_SHA:
return "TLS_ECDH_ECDSA_WITH_NULL_SHA";
@@ -436,6 +437,7 @@ CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher) {
case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
return "TLS_ECDH_anon_WITH_AES_256_CBC_SHA";
break;
+#endif /* defined(__MAC_10_6) || defined(__IPHONE_5_0) */
#if defined(__MAC_10_8) || defined(__IPHONE_5_0)
/* TLS 1.2 (RFC 5246) */
case TLS_RSA_WITH_NULL_MD5:
@@ -661,6 +663,37 @@ CF_INLINE bool IsRunningMountainLionOrLater(void)
#endif
}
+/* Apple provides a myriad of ways of getting information about a certificate
+ into a string. Some aren't available under iOS or newer cats. So here's
+ a unified function for getting a string describing the certificate that
+ ought to work in all cats starting with Leopard. */
+CF_INLINE CFStringRef CopyCertSubject(SecCertificateRef cert)
+{
+ CFStringRef server_cert_summary = CFSTR("(null)");
+
+#if (TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)
+ /* iOS: There's only one way to do this. */
+ server_cert_summary = SecCertificateCopySubjectSummary(cert);
+#else
+#if defined(__MAC_10_7)
+ /* Lion & later: Get the long description if we can. */
+ if(SecCertificateCopyLongDescription != NULL)
+ server_cert_summary =
+ SecCertificateCopyLongDescription(NULL, cert, NULL);
+ else
+#endif /* defined(__MAC_10_7) */
+#if defined(__MAC_10_6)
+ /* Snow Leopard: Get the certificate summary. */
+ if(SecCertificateCopySubjectSummary != NULL)
+ server_cert_summary = SecCertificateCopySubjectSummary(cert);
+ else
+#endif /* defined(__MAC_10_6) */
+ /* Leopard is as far back as we go... */
+ (void)SecCertificateCopyCommonName(cert, &server_cert_summary);
+#endif /* (TARGET_OS_EMBEDDED || TARGET_OS_IPHONE) */
+ return server_cert_summary;
+}
+
static CURLcode darwinssl_connect_step1(struct connectdata *conn,
int sockindex)
{
@@ -907,9 +940,11 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex)
ssl_connect_2_writing : ssl_connect_2_reading;
return CURLE_OK;
+#if defined(__MAC_10_6) || defined(__IPHONE_5_0)
case errSSLServerAuthCompleted:
/* the documentation says we need to call SSLHandshake() again */
return darwinssl_connect_step2(conn, sockindex);
+#endif /* defined(__MAC_10_6) || defined(__IPHONE_5_0) */
case errSSLXCertChainInvalid:
case errSSLUnknownRootCert:
@@ -993,7 +1028,7 @@ darwinssl_connect_step3(struct connectdata *conn,
count = SecTrustGetCertificateCount(trust);
for(i = 0L ; i < count ; i++) {
server_cert = SecTrustGetCertificateAtIndex(trust, i);
- server_cert_summary = SecCertificateCopySubjectSummary(server_cert);
+ server_cert_summary = CopyCertSubject(server_cert);
memset(server_cert_summary_c, 0, 128);
if(CFStringGetCString(server_cert_summary,
server_cert_summary_c,
@@ -1019,8 +1054,7 @@ darwinssl_connect_step3(struct connectdata *conn,
count = SecTrustGetCertificateCount(trust);
for(i = 0L ; i < count ; i++) {
server_cert = SecTrustGetCertificateAtIndex(trust, i);
- server_cert_summary =
- SecCertificateCopyLongDescription(NULL, server_cert, NULL);
+ server_cert_summary = CopyCertSubject(server_cert);
memset(server_cert_summary_c, 0, 128);
if(CFStringGetCString(server_cert_summary,
server_cert_summary_c,
@@ -1041,7 +1075,7 @@ darwinssl_connect_step3(struct connectdata *conn,
server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs,
i);
- server_cert_summary = SecCertificateCopySubjectSummary(server_cert);
+ server_cert_summary = CopyCertSubject(server_cert);
memset(server_cert_summary_c, 0, 128);
if(CFStringGetCString(server_cert_summary,
server_cert_summary_c,
@@ -1062,8 +1096,7 @@ darwinssl_connect_step3(struct connectdata *conn,
count = CFArrayGetCount(server_certs);
for(i = 0L ; i < count ; i++) {
server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs, i);
-
- server_cert_summary = SecCertificateCopySubjectSummary(server_cert);
+ server_cert_summary = CopyCertSubject(server_cert);
memset(server_cert_summary_c, 0, 128);
if(CFStringGetCString(server_cert_summary,
server_cert_summary_c,