cURL / Mailing Lists / curl-library / Single Mail

curl-library

Patch to fix disabling peer verification in darwinssl under Snow Leopard and Lion

From: Nick Zitzmann <nick_at_chronosnet.com>
Date: Wed, 26 Dec 2012 18:19:37 -0800

Hi:

Someone contacted me off-list to report that, if libcurl was built --with-darwinssl on Mountain Lion (OS X 10.8), and the code was executed under Snow Leopard (10.6) or Lion (10.7), then it became impossible to disable verifying the peer certificate chain. I did some testing and found out that that's not supposed to happen, so I'm guessing there was a library bug that was fixed in Mountain Lion, or the behavior just changed at some point. I fixed the bug by using sysctl(), which is present in all versions of OS X, to see if the user is using Mountain Lion or later, and if they aren't, then we use the old and deprecated (but working) method of disabling peer verification. I and the person who contacted me off-list tested this, and it works for us, so please consider this for the next release.

Nick Zitzmann
<http://www.chronosnet.com/>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

application/octet-stream attachment: 0001-darwinssl-Fixed-inability-to-disable-peer-verificati.patch

Received on 2012-12-27

This message: [ Message body ]
Next message: ��С��: "http 403 fobidden from YouTube"
Previous message: Oscar Koeroo: "Re: subject Alternative field check in server certificate"
Next in thread: Daniel Stenberg: "Re: Patch to fix disabling peer verification in darwinssl under Snow Leopard and Lion"
Reply: Daniel Stenberg: "Re: Patch to fix disabling peer verification in darwinssl under Snow Leopard and Lion"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]