Commit 0426670f authored by Vilmos Nebehaj

Check CA certificate in curl_darwinssl.c.

SecCertificateCreateWithData() returns a non-NULL SecCertificateRef even
if the buffer holds an invalid or corrupt certificate. Call
SecCertificateCopyPublicKey() to make sure cacert is a valid
certificate.
parent 4c134bcf
......@@ -1671,6 +1671,16 @@ static int append_cert_to_array(struct SessionHandle *data,
return CURLE_SSL_CACERT;
}
/* Check if cacert is valid. */
SecKeyRef key;
OSStatus ret = SecCertificateCopyPublicKey(cacert, &key);
if(ret != noErr) {
CFRelease(cacert);
failf(data, "SSL: invalid CA certificate");
return CURLE_SSL_CACERT;
}
CFRelease(key);
CFArrayAppendValue(array, cacert);
CFRelease(cacert);
......
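Review bot: The declarations `SecKeyRef key;` and `OSStatus ret = SecCertificateCopyPublicKey(cacert, &key);` come after the preceding `return CURLE_SSL_CACERT; }` block, so they mix declarations with statements, which breaks C89 builds. Declare `key` and `ret` with the function's other locals and only assign `ret` at this point. The cleanup on the failure path looks right: `cacert` is released before returning, and `key` is released on success before `CFArrayAppendValue(array, cacert)`. Consider including the `ret` value in the `failf()` message, since "SSL: invalid CA certificate" alone does not say why the certificate in the CA file was rejected. The hunk header also shows `append_cert_to_array` declared as `static int` while it returns `CURLE_SSL_CACERT`; returning the CURLcode type would make the contract clearer.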