aboutsummaryrefslogtreecommitdiff
path: root/lib/curl_darwinssl.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/curl_darwinssl.c')
-rw-r--r--lib/curl_darwinssl.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/lib/curl_darwinssl.c b/lib/curl_darwinssl.c
index 334944f09..3cc278a1f 100644
--- a/lib/curl_darwinssl.c
+++ b/lib/curl_darwinssl.c
@@ -803,6 +803,8 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
}
#endif /* defined(__MAC_10_6) || defined(__IPHONE_5_0) */
+ /* If this is a domain name and not an IP address, then configure SNI.
+ * Also: the verifyhost setting influences SNI usage */
/* If this is a domain name and not an IP address, then configure SNI: */
if((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
#ifdef ENABLE_IPV6
@@ -862,7 +864,6 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex)
connssl->connecting_state = connssl->ssl_direction ?
ssl_connect_2_writing : ssl_connect_2_reading;
return CURLE_OK;
- break;
case errSSLServerAuthCompleted:
/* the documentation says we need to call SSLHandshake() again */
@@ -874,13 +875,16 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex)
case errSSLCertExpired:
failf(data, "SSL certificate problem: OSStatus %d", err);
return CURLE_SSL_CACERT;
- break;
+
+ case errSSLHostNameMismatch:
+ failf(data, "SSL certificate peer verification failed, the "
+ "certificate did not match \"%s\"\n", conn->host.dispname);
+ return CURLE_PEER_FAILED_VERIFICATION;
default:
failf(data, "Unknown SSL protocol error in connection to %s:%d",
conn->host.name, err);
return CURLE_SSL_CONNECT_ERROR;
- break;
}
}
else {
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-29 11:32:16 +0000