
curl-library

Re: A darwinssl-related bug again

From: Nick Zitzmann <nick_at_chronosnet.com>
Date: Thu, 28 Aug 2014 18:56:21 -0500

On Aug 28, 2014, at 6:02 PM, Vilmos Nebehaj <v.nebehaj_at_gmail.com> wrote:

> The comment about wildcard certificates was a red herring it seems.
>
> The problem is that if the user via --cacert supplies a certificate
> bundle with multiple CA certificates in it, curl_darwinssl.c will only
> use the first one.
>
> For a fix, see https://github.com/ldx/curl/tree/darwinsslfix
>
> Can someone confirm this works? I tested it on OS X 10.9 with
> - the cacerts.pem bundle from the ticket,
> - a cert file containing only one cert and
> - a DER cert file.

Great! I can confirm that this works with the PEM bundle in the bug report.

Could you please clean up the compiler warnings, fix the code style issues (which you can see by building the project with --enable-debug specified), remove the "SSL: parsing CA certificate file" and "SSL: certificate verification succeeded" verbose log messages, and then submit a pull request?

Thanks!

Nick Zitzmann
<http://www.chronosnet.com/>
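
The bug discussed in this message, shown as an added example (not code from curl or from the linked branch): a loader that stops at the first PEM block silently drops every other CA in the bundle, so the parser has to walk all CERTIFICATE blocks and fall back to raw DER when none is found. The names pem_bundle_split, b64decode and sample_bundle are hypothetical, and the sample payloads are constructed stand-ins rather than real certificates.

```c
#include <string.h>

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Constructed sample: two tiny DER stand-ins, not real certificates. */
static const char sample_bundle[] =
  PEM_BEGIN "\nMAMCAQE=\n" PEM_END "\n"
  PEM_BEGIN "\nMAMCAQI=\n" PEM_END "\n";

/* Decode base64 text in [p, end) into out, skipping newlines and padding. */
static size_t b64decode(const char *p, const char *end, unsigned char *out)
{
  static const char tbl[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  unsigned int acc = 0, bits = 0;
  size_t n = 0;
  for(; p < end; p++) {
    const char *hit = strchr(tbl, *p);
    if(!hit)
      continue;
    acc = (acc << 6) | (unsigned int)(hit - tbl);
    bits += 6;
    if(bits >= 8) {
      bits -= 8;
      out[n++] = (unsigned char)((acc >> bits) & 0xff);
    }
  }
  return n;
}

/* Split every CERTIFICATE block of a NUL-terminated bundle into DER blobs,
   written back to back into der (size it >= strlen(buf)); lens[i] is the
   length of blob i. Returns the count; 0 means no PEM block (raw DER file). */
size_t pem_bundle_split(const char *buf, unsigned char *der, size_t *lens, size_t max)
{
  size_t count = 0;
  const char *p = buf;
  while(count < max && (p = strstr(p, PEM_BEGIN)) != NULL) {
    const char *body = p + strlen(PEM_BEGIN);
    const char *end = strstr(body, PEM_END);
    if(!end)
      break; /* truncated block: stop instead of guessing */
    lens[count] = b64decode(body, end, der);
    der += lens[count++];
    p = end + strlen(PEM_END);
  }
  return count;
}
```

Comparing the returned count with the number of BEGIN markers in the file is a quick regression check that no CA in the bundle was dropped.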

Received on 2014-08-29