Commit 3cf33990 authored by Per Malmberg's avatar Per Malmberg Committed by Daniel Stenberg
Browse files

darwinssl: fix certificate verification disable on OS X 10.8 

The new way of disabling certificate verification doesn't work on
Mountain Lion (OS X 10.8) so we need to use the old way in that version
too. I've tested this solution on versions 10.7.5, 10.8, 10.9, 10.10.2
and 10.11.

Closes #802
parent 0761a51e

lib/vtls/darwinssl.c

+11 −4
Original line number Diff line number Diff line
@@ -1281,14 +1281,21 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn, 
#if CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS

  /* Snow Leopard introduced the SSLSetSessionOption() function, but due to

     a library bug with the way the kSSLSessionOptionBreakOnServerAuth flag

     works, it doesn't work as expected under Snow Leopard or Lion.

     works, it doesn't work as expected under Snow Leopard, Lion or

     Mountain Lion.

     So we need to call SSLSetEnableCertVerify() on those older cats in order

     to disable certificate validation if the user turned that off.

     (SecureTransport will always validate the certificate chain by

     default.) */

  /* (Note: Darwin 12.x.x is Mountain Lion.) */

     default.)

  Note:

  Darwin 11.x.x is Lion (10.7)

  Darwin 12.x.x is Mountain Lion (10.8)

  Darwin 13.x.x is Maverik (10.9)

  Darwin 14.x.x is Yosemite (10.10)

  Darwin 15.x.x is El Capitan (10.11)

  */

#if CURL_BUILD_MAC

  if(SSLSetSessionOption != NULL && darwinver_maj >= 12) {

  if(SSLSetSessionOption != NULL && darwinver_maj >= 13) {

#else

  if(SSLSetSessionOption != NULL) {

#endif /* CURL_BUILD_MAC */