Patch to fix disabling peer verification in darwinssl under Snow Leopard and Lion
Date: Wed, 26 Dec 2012 18:19:37 -0800
Someone contacted me off-list to report that, if libcurl was built --with-darwinssl on Mountain Lion (OS X 10.8), and the code was executed under Snow Leopard (10.6) or Lion (10.7), then it became impossible to disable verifying the peer certificate chain. I did some testing and found out that that's not supposed to happen, so I'm guessing there was a library bug that was fixed in Mountain Lion, or the behavior just changed at some point. I fixed the bug by using sysctl(), which is present in all versions of OS X, to see if the user is using Mountain Lion or later, and if they aren't, then we use the old and deprecated (but working) method of disabling peer verification. I and the person who contacted me off-list tested this, and it works for us, so please consider this for the next release.
- application/octet-stream attachment: 0001-darwinssl-Fixed-inability-to-disable-peer-verificati.patch