lib/vtls/sectransp.c +20 −7 @@ -2111,7 +2111,7 @@ static int append_cert_to_array(struct Curl_easy *data, return CURLE_OK; return CURLE_OK; } } static int verify_cert(const char *cafile, struct Curl_easy *data, static CURLcode verify_cert(const char *cafile, struct Curl_easy *data, SSLContextRef ctx) SSLContextRef ctx) { { int n = 0, rc; int n = 0, rc; @@ -2370,10 +2370,10 @@ sectransp_connect_step2(struct connectdata *conn, int sockindex) Leopard's headers */ Leopard's headers */ case -9841: case -9841: if(SSL_CONN_CONFIG(CAfile) && SSL_CONN_CONFIG(verifypeer)) { if(SSL_CONN_CONFIG(CAfile) && SSL_CONN_CONFIG(verifypeer)) { int res = verify_cert(SSL_CONN_CONFIG(CAfile), data, CURLcode result = verify_cert(SSL_CONN_CONFIG(CAfile), data, BACKEND->ssl_ctx); BACKEND->ssl_ctx); if(res != CURLE_OK) if(result) return res; return result; } } /* the documentation says we need to call SSLHandshake() again */ /* the documentation says we need to call SSLHandshake() again */ return sectransp_connect_step2(conn, sockindex); return sectransp_connect_step2(conn, sockindex); @@ -3186,7 +3186,10 @@ static ssize_t sectransp_recv(struct connectdata *conn, /*struct Curl_easy *data = conn->data;*/ /*struct Curl_easy *data = conn->data;*/ struct ssl_connect_data *connssl = &conn->ssl[num]; struct ssl_connect_data *connssl = &conn->ssl[num]; size_t processed = 0UL; size_t processed = 0UL; OSStatus err = SSLRead(BACKEND->ssl_ctx, buf, buffersize, &processed); OSStatus err; again: err = SSLRead(BACKEND->ssl_ctx, buf, buffersize, &processed); if(err != noErr) { if(err != noErr) { switch(err) { switch(err) {
@@ -3207,6 +3210,16 @@ static ssize_t sectransp_recv(struct connectdata *conn, return -1L; return -1L; break; break; /* The below is errSSLPeerAuthCompleted; it's not defined in Leopard's headers */ case -9841: if(SSL_CONN_CONFIG(CAfile) && SSL_CONN_CONFIG(verifypeer)) { CURLcode result = verify_cert(SSL_CONN_CONFIG(CAfile), conn->data, BACKEND->ssl_ctx); if(result) return result; } goto again; default: default: failf(conn->data, "SSLRead() return error %d", err); failf(conn->data, "SSLRead() return error %d", err); *curlcode = CURLE_RECV_ERROR; *curlcode = CURLE_RECV_ERROR;
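Review bot: In the new `case -9841:` branch of sectransp_recv, `return result;` passes a CURLcode out of a function declared `static ssize_t`, so a failed certificate verification comes back as a positive number that a caller would presumably treat as a count of received bytes rather than as an error. The neighbouring branches visible in this hunk signal failure by setting `*curlcode` and returning `-1L`; this branch should follow the same convention, `if(result) { *curlcode = result; return -1L; }`. Separately, `goto again` has no retry bound, so a short comment stating why errSSLPeerAuthCompleted cannot be returned repeatedly by SSLRead() would help; if that cannot be guaranteed, the retry should be limited. The body of sectransp_recv starts and ends outside the hunk, so the caller-side handling of the return value is inferred from the signature and the sibling branches.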
lib/vtls/sectransp.c +20 −7 @@ -2111,7 +2111,7 @@ static int append_cert_to_array(struct Curl_easy *data, return CURLE_OK; return CURLE_OK; } } static int verify_cert(const char *cafile, struct Curl_easy *data, static CURLcode verify_cert(const char *cafile, struct Curl_easy *data, SSLContextRef ctx) SSLContextRef ctx) { { int n = 0, rc; int n = 0, rc; @@ -2370,10 +2370,10 @@ sectransp_connect_step2(struct connectdata *conn, int sockindex) Leopard's headers */ Leopard's headers */ case -9841: case -9841: if(SSL_CONN_CONFIG(CAfile) && SSL_CONN_CONFIG(verifypeer)) { if(SSL_CONN_CONFIG(CAfile) && SSL_CONN_CONFIG(verifypeer)) { int res = verify_cert(SSL_CONN_CONFIG(CAfile), data, CURLcode result = verify_cert(SSL_CONN_CONFIG(CAfile), data, BACKEND->ssl_ctx); BACKEND->ssl_ctx); if(res != CURLE_OK) if(result) return res; return result; } } /* the documentation says we need to call SSLHandshake() again */ /* the documentation says we need to call SSLHandshake() again */ return sectransp_connect_step2(conn, sockindex); return sectransp_connect_step2(conn, sockindex); @@ -3186,7 +3186,10 @@ static ssize_t sectransp_recv(struct connectdata *conn, /*struct Curl_easy *data = conn->data;*/ /*struct Curl_easy *data = conn->data;*/ struct ssl_connect_data *connssl = &conn->ssl[num]; struct ssl_connect_data *connssl = &conn->ssl[num]; size_t processed = 0UL; size_t processed = 0UL; OSStatus err = SSLRead(BACKEND->ssl_ctx, buf, buffersize, &processed); OSStatus err; again: err = SSLRead(BACKEND->ssl_ctx, buf, buffersize, &processed); if(err != noErr) { if(err != noErr) { switch(err) { switch(err) {
@@ -3207,6 +3210,16 @@ static ssize_t sectransp_recv(struct connectdata *conn, return -1L; return -1L; break; break; /* The below is errSSLPeerAuthCompleted; it's not defined in Leopard's headers */ case -9841: if(SSL_CONN_CONFIG(CAfile) && SSL_CONN_CONFIG(verifypeer)) { CURLcode result = verify_cert(SSL_CONN_CONFIG(CAfile), conn->data, BACKEND->ssl_ctx); if(result) return result; } goto again; default: default: failf(conn->data, "SSLRead() return error %d", err); failf(conn->data, "SSLRead() return error %d", err); *curlcode = CURLE_RECV_ERROR; *curlcode = CURLE_RECV_ERROR;