[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 27/173: darwinssl: --insecure overrides --cacert if
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 27/173: darwinssl: --insecure overrides --cacert if both settings are in use |
Date: |
Fri, 24 Feb 2017 14:00:49 +0100 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to annotated tag gnurl-7.53.1
in repository gnurl.
commit ffbb0f0d37c3969eb59c2fb78ca8297e319960fa
Author: Nick Zitzmann <address@hidden>
AuthorDate: Tue Jan 3 17:44:57 2017 -0600
darwinssl: --insecure overrides --cacert if both settings are in use
Fixes #1184
---
lib/vtls/darwinssl.c | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c
index 66d872708..7066281fe 100644
--- a/lib/vtls/darwinssl.c
+++ b/lib/vtls/darwinssl.c
@@ -1393,18 +1393,13 @@ static CURLcode darwinssl_connect_step1(struct
connectdata *conn,
}
#endif /* CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS */
- if(ssl_cafile) {
+ if(ssl_cafile && verifypeer) {
bool is_cert_file = is_file(ssl_cafile);
if(!is_cert_file) {
failf(data, "SSL: can't load CA certificate file %s", ssl_cafile);
return CURLE_SSL_CACERT_BADFILE;
}
- if(!verifypeer) {
- failf(data, "SSL: CA certificate set, but certificate verification "
- "is disabled");
- return CURLE_SSL_CONNECT_ERROR;
- }
}
/* Configure hostname check. SNI is used if available.
@@ -1929,7 +1924,7 @@ darwinssl_connect_step2(struct connectdata *conn, int
sockindex)
/* The below is errSSLServerAuthCompleted; it's not defined in
Leopard's headers */
case -9841:
- if(SSL_CONN_CONFIG(CAfile)) {
+ if(SSL_CONN_CONFIG(CAfile) && SSL_CONN_CONFIG(verifypeer)) {
int res = verify_cert(SSL_CONN_CONFIG(CAfile), data,
connssl->ssl_ctx);
if(res != CURLE_OK)
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 12/173: cmdline-opts/page-footer: add three more exit codes, (continued)
- [GNUnet-SVN] [gnurl] 12/173: cmdline-opts/page-footer: add three more exit codes, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 04/173: bump: toward next release, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 06/173: build-wolfssl: Sync config with wolfSSL 3.10, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 03/173: http: remove "Curl_http_done: called premature" message, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 17/173: darwinssl: fix iOS build, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 23/173: page-footer: error 36 is protocol agnostic!, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 05/173: cyassl: use time_t instead of long for timeout, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 16/173: curl: remove superfluous include file, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 08/173: test1282: verify the ftp-gss check, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 24/173: content_encoding: change return code on a failure, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 27/173: darwinssl: --insecure overrides --cacert if both settings are in use,
gnunet <=
- [GNUnet-SVN] [gnurl] 32/173: docs/page-header: mention how to disable the progress meter, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 29/173: CIPHERS.md: document GSKit ciphers, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 15/173: RELEASE-NOTES: synced with a7b38c9dc98481e, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 33/173: docs/silent: mention --show-error in --silent description, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 37/173: asiohiper: improved socket handling, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 39/173: RELEASE-NOTES: synced with a41e8592d6b3e58, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 13/173: docs/ciphers: link to our own new page about ciphers, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 31/173: wolfssl: display negotiated SSL version and cipher, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 28/173: TheArtOfHttpScripting: grammar, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 22/173: tool_operate: Fix --remote-time incorrect times on Windows, gnunet, 2017/02/24