aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls/curl_darwinssl.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/vtls/curl_darwinssl.c')
-rw-r--r--lib/vtls/curl_darwinssl.c19
1 files changed, 15 insertions, 4 deletions
diff --git a/lib/vtls/curl_darwinssl.c b/lib/vtls/curl_darwinssl.c
index 372635747..f229c6fe2 100644
--- a/lib/vtls/curl_darwinssl.c
+++ b/lib/vtls/curl_darwinssl.c
@@ -1672,14 +1672,25 @@ static int append_cert_to_array(struct SessionHandle *data,
}
/* Check if cacert is valid. */
- SecKeyRef key;
- OSStatus ret = SecCertificateCopyPublicKey(cacert, &key);
- if(ret != noErr) {
+ CFStringRef subject = CopyCertSubject(cacert);
+ if(subject) {
+ char subject_cbuf[128];
+ memset(subject_cbuf, 0, 128);
+ if(!CFStringGetCString(subject,
+ subject_cbuf,
+ 128,
+ kCFStringEncodingUTF8)) {
+ CFRelease(cacert);
+ failf(data, "SSL: invalid CA certificate subject");
+ return CURLE_SSL_CACERT;
+ }
+ CFRelease(subject);
+ }
+ else {
CFRelease(cacert);
failf(data, "SSL: invalid CA certificate");
return CURLE_SSL_CACERT;
}
- CFRelease(key);
CFArrayAppendValue(array, cacert);
CFRelease(cacert);
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-30 02:49:47 +0000