diff options
-rw-r--r-- | lib/vtls/darwinssl.c | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c index 2146b562d..66d872708 100644 --- a/lib/vtls/darwinssl.c +++ b/lib/vtls/darwinssl.c @@ -885,12 +885,13 @@ static OSStatus CopyIdentityWithLabel(char *label, SecIdentityRef *out_cert_and_key) { OSStatus status = errSecItemNotFound; + +#if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS CFArrayRef keys_list; CFIndex keys_list_count; CFIndex i; CFStringRef common_name; -#if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS /* SecItemCopyMatching() was introduced in iOS and Snow Leopard. kSecClassIdentity was introduced in Lion. If both exist, let's use them to find the certificate. */ @@ -929,32 +930,35 @@ static OSStatus CopyIdentityWithLabel(char *label, if(status == noErr) { keys_list_count = CFArrayGetCount(keys_list); *out_cert_and_key = NULL; + status = 1; for(i=0; i<keys_list_count; i++) { OSStatus err = noErr; SecCertificateRef cert = NULL; - *out_cert_and_key = + SecIdentityRef identity = (SecIdentityRef) CFArrayGetValueAtIndex(keys_list, i); - err = SecIdentityCopyCertificate(*out_cert_and_key, &cert); + err = SecIdentityCopyCertificate(identity, &cert); if(err == noErr) { #if CURL_BUILD_IOS common_name = SecCertificateCopySubjectSummary(cert); -#else // CURL_BUILD_MAC_10_7 +#elif CURL_BUILD_MAC_10_7 SecCertificateCopyCommonName(cert, &common_name); #endif if(CFStringCompare(common_name, label_cf, 0) == kCFCompareEqualTo) { CFRelease(cert); CFRelease(common_name); + CFRetain(identity); + *out_cert_and_key = identity; status = noErr; break; } CFRelease(common_name); } - *out_cert_and_key = NULL; - status = 1; CFRelease(cert); } } + if(keys_list) + CFRelease(keys_list); CFRelease(query_dict); CFRelease(label_cf); } |