
darwinssl: Avoid parsing certificates when not in verbose mode

The information extracted from the server certificates in step 3 is only
used when in verbose mode, and there is no error handling or validation
performed as that has already been done. Only run the certificate
information extraction when in verbose mode and libcurl was built with
verbose strings.

Closes https://github.com/curl/curl/pull/1246
Daniel Gustafsson 2017-02-05 10:26:07 +01:00 committed by Jay Satiro
parent 18495ecacc
commit 3509aa8023


@ -219,6 +219,7 @@ static OSStatus SocketWrite(SSLConnectionRef connection,
return ortn;
}
#ifndef CURL_DISABLE_VERBOSE_STRINGS
CF_INLINE const char *SSLCipherNameForNumber(SSLCipherSuite cipher)
{
switch(cipher) {
@ -776,6 +777,7 @@ CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher)
}
return "TLS_NULL_WITH_NULL_NULL";
}
#endif /* !CURL_DISABLE_VERBOSE_STRINGS */
#if CURL_BUILD_MAC
CF_INLINE void GetDarwinVersionNumber(int *major, int *minor)
@ -2037,9 +2039,11 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex)
}
}
static CURLcode
darwinssl_connect_step3(struct connectdata *conn,
int sockindex)
#ifndef CURL_DISABLE_VERBOSE_STRINGS
/* This should be called during step3 of the connection at the earliest */
static void
show_verbose_server_cert(struct connectdata *conn,
int sockindex)
{
struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
@ -2051,9 +2055,9 @@ darwinssl_connect_step3(struct connectdata *conn,
CFIndex i, count;
SecTrustRef trust = NULL;
/* There is no step 3!
* Well, okay, if verbose mode is on, let's print the details of the
* server certificates. */
if(!connssl->ssl_ctx)
return;
#if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS
#if CURL_BUILD_IOS
#pragma unused(server_certs)
@ -2150,6 +2154,23 @@ darwinssl_connect_step3(struct connectdata *conn,
CFRelease(server_certs);
}
#endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */
}
#endif /* !CURL_DISABLE_VERBOSE_STRINGS */
static CURLcode
darwinssl_connect_step3(struct connectdata *conn,
int sockindex)
{
struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
/* There is no step 3!
* Well, okay, if verbose mode is on, let's print the details of the
* server certificates. */
#ifndef CURL_DISABLE_VERBOSE_STRINGS
if(data->set.verbose)
show_verbose_server_cert(conn, sockindex);
#endif
connssl->connecting_state = ssl_connect_done;
return CURLE_OK;
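Review bot: In the new darwinssl_connect_step3, `struct Curl_easy *data = conn->data;` is declared unconditionally but only read inside the `#ifndef CURL_DISABLE_VERBOSE_STRINGS` block, so a build with verbose strings disabled is left with an unused local and will likely warn, or fail where warnings are treated as errors. Either drop the local and test `if(conn->data->set.verbose)`, or move the declaration inside the same `#ifndef`. Because certificate inspection now runs only in verbose mode, show_verbose_server_cert would also benefit from a comment such as `/* Informational only: certificate validation has already been done before this point; nothing here may affect the connection result. */`, so that nobody later adds a check to a path that non-verbose connections skip. The closing brace of darwinssl_connect_step3 lies outside the hunk.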