cURL / Mailing Lists / curl-library / Single Mail


Patch to fix disabling peer verification in darwinssl under Snow Leopard and Lion

From: Nick Zitzmann <>
Date: Wed, 26 Dec 2012 18:19:37 -0800


Someone contacted me off-list to report that, if libcurl was built --with-darwinssl on Mountain Lion (OS X 10.8), and the code was executed under Snow Leopard (10.6) or Lion (10.7), then it became impossible to disable verifying the peer certificate chain. I did some testing and found out that that's not supposed to happen, so I'm guessing there was a library bug that was fixed in Mountain Lion, or the behavior just changed at some point. I fixed the bug by using sysctl(), which is present in all versions of OS X, to see if the user is using Mountain Lion or later, and if they aren't, then we use the old and deprecated (but working) method of disabling peer verification. I and the person who contacted me off-list tested this, and it works for us, so please consider this for the next release.

Nick Zitzmann

List admin:

Received on 2012-12-27