From 0426670f0a8ffa69df64a3babfb5caed522feb7f Mon Sep 17 00:00:00 2001
From: Vilmos Nebehaj <v.nebehaj@gmail.com>
Date: Mon, 1 Sep 2014 00:17:25 +0200
Subject: Check CA certificate in curl_darwinssl.c.

SecCertificateCreateWithData() returns a non-NULL SecCertificateRef even
if the buffer holds an invalid or corrupt certificate. Call
SecCertificateCopyPublicKey() to make sure cacert is a valid
certificate.
---
 lib/vtls/curl_darwinssl.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/vtls/curl_darwinssl.c b/lib/vtls/curl_darwinssl.c
index 9ba287d0e..372635747 100644
--- a/lib/vtls/curl_darwinssl.c
+++ b/lib/vtls/curl_darwinssl.c
@@ -1671,6 +1671,16 @@ static int append_cert_to_array(struct SessionHandle *data,
       return CURLE_SSL_CACERT;
     }
 
+    /* Check if cacert is valid. */
+    SecKeyRef key;
+    OSStatus ret = SecCertificateCopyPublicKey(cacert, &key);
+    if(ret != noErr) {
+      CFRelease(cacert);
+      failf(data, "SSL: invalid CA certificate");
+      return CURLE_SSL_CACERT;
+    }
+    CFRelease(key);
+
     CFArrayAppendValue(array, cacert);
     CFRelease(cacert);
 
-- 
cgit v1.2.3