mirror of https://github.com/moparisthebest/curl
darwinssl: Avoid parsing certificates when not in verbose mode
The information extracted from the server certificates in step 3 is only used when in verbose mode, and there is no error handling or validation performed as that has already been done. Only run the certificate information extraction when in verbose mode and libcurl was built with verbose strings. Closes https://github.com/curl/curl/pull/1246
This commit is contained in:
Daniel Gustafsson
Jay Satiro
parent
18495ecacc
commit
3509aa8023
|
|
@ -219,6 +219,7 @@ static OSStatus SocketWrite(SSLConnectionRef connection,
|
|||
return ortn;
|
||||
}
|
||||
|
||||
#ifndef CURL_DISABLE_VERBOSE_STRINGS
|
||||
CF_INLINE const char *SSLCipherNameForNumber(SSLCipherSuite cipher)
|
||||
{
|
||||
switch(cipher) {
|
||||
|
|
@ -776,6 +777,7 @@ CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher)
|
|||
}
|
||||
return "TLS_NULL_WITH_NULL_NULL";
|
||||
}
|
||||
#endif /* !CURL_DISABLE_VERBOSE_STRINGS */
|
||||
|
||||
#if CURL_BUILD_MAC
|
||||
CF_INLINE void GetDarwinVersionNumber(int *major, int *minor)
|
||||
|
|
@ -2037,9 +2039,11 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex)
|
|||
}
|
||||
}
|
||||
|
||||
static CURLcode
|
||||
darwinssl_connect_step3(struct connectdata *conn,
|
||||
int sockindex)
|
||||
#ifndef CURL_DISABLE_VERBOSE_STRINGS
|
||||
/* This should be called during step3 of the connection at the earliest */
|
||||
static void
|
||||
show_verbose_server_cert(struct connectdata *conn,
|
||||
int sockindex)
|
||||
{
|
||||
struct Curl_easy *data = conn->data;
|
||||
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
||||
|
|
@ -2051,9 +2055,9 @@ darwinssl_connect_step3(struct connectdata *conn,
|
|||
CFIndex i, count;
|
||||
SecTrustRef trust = NULL;
|
||||
|
||||
/* There is no step 3!
|
||||
* Well, okay, if verbose mode is on, let's print the details of the
|
||||
* server certificates. */
|
||||
if(!connssl->ssl_ctx)
|
||||
return;
|
||||
|
||||
#if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS
|
||||
#if CURL_BUILD_IOS
|
||||
#pragma unused(server_certs)
|
||||
|
|
@ -2150,6 +2154,23 @@ darwinssl_connect_step3(struct connectdata *conn,
|
|||
CFRelease(server_certs);
|
||||
}
|
||||
#endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */
|
||||
}
|
||||
#endif /* !CURL_DISABLE_VERBOSE_STRINGS */
|
||||
|
||||
static CURLcode
|
||||
darwinssl_connect_step3(struct connectdata *conn,
|
||||
int sockindex)
|
||||
{
|
||||
struct Curl_easy *data = conn->data;
|
||||
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
||||
|
||||
/* There is no step 3!
|
||||
* Well, okay, if verbose mode is on, let's print the details of the
|
||||
* server certificates. */
|
||||
#ifndef CURL_DISABLE_VERBOSE_STRINGS
|
||||
if(data->set.verbose)
|
||||
show_verbose_server_cert(conn, sockindex);
|
||||
#endif
|
||||
|
||||
connssl->connecting_state = ssl_connect_done;
|
||||
return CURLE_OK;
|
||||
|
|
|
|||
Loading…
Reference in New Issue