From 3cf339901e6fc28705f3b64a56e0a15fa65de117 Mon Sep 17 00:00:00 2001 From: Per Malmberg Date: Thu, 12 May 2016 12:16:16 +0200 Subject: darwinssl: fix certificate verification disable on OS X 10.8 The new way of disabling certificate verification doesn't work on Mountain Lion (OS X 10.8) so we need to use the old way in that version too. I've tested this solution on versions 10.7.5, 10.8, 10.9, 10.10.2 and 10.11. Closes #802 --- lib/vtls/darwinssl.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'lib/vtls') diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c index 384f9d958..c2f8476d4 100644 --- a/lib/vtls/darwinssl.c +++ b/lib/vtls/darwinssl.c @@ -1281,14 +1281,21 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn, #if CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS /* Snow Leopard introduced the SSLSetSessionOption() function, but due to a library bug with the way the kSSLSessionOptionBreakOnServerAuth flag - works, it doesn't work as expected under Snow Leopard or Lion. + works, it doesn't work as expected under Snow Leopard, Lion or + Mountain Lion. So we need to call SSLSetEnableCertVerify() on those older cats in order to disable certificate validation if the user turned that off. (SecureTransport will always validate the certificate chain by - default.) */ - /* (Note: Darwin 12.x.x is Mountain Lion.) */ + default.) + Note: + Darwin 11.x.x is Lion (10.7) + Darwin 12.x.x is Mountain Lion (10.8) + Darwin 13.x.x is Maverik (10.9) + Darwin 14.x.x is Yosemite (10.10) + Darwin 15.x.x is El Capitan (10.11) + */ #if CURL_BUILD_MAC - if(SSLSetSessionOption != NULL && darwinver_maj >= 12) { + if(SSLSetSessionOption != NULL && darwinver_maj >= 13) { #else if(SSLSetSessionOption != NULL) { #endif /* CURL_BUILD_MAC */ -- cgit v1.2.3