moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-11-10 11:35:07 -05:00
Code Issues Releases Wiki Activity

sectransp: handle errSSLPeerAuthCompleted from SSLRead()

Browse Source 
Reported-by: smuellerDD on github
Fixes #3932
Closes #3933
This commit is contained in:
Daniel Stenberg 2019-05-23 17:16:02 +02:00
parent 9d55e09cfe
commit 5c9b2e68a4
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
lib/vtls/sectransp.c
View File

@ -2111,8 +2111,8 @@ static int append_cert_to_array(struct Curl_easy *data,
return CURLE_OK;
}
static int verify_cert(const char *cafile, struct Curl_easy *data,
SSLContextRef ctx)
static CURLcode verify_cert(const char *cafile, struct Curl_easy *data,
SSLContextRef ctx)
{
int n = 0, rc;
long res;
@ -2370,10 +2370,10 @@ sectransp_connect_step2(struct connectdata *conn, int sockindex)
Leopard's headers */
case -9841:
if(SSL_CONN_CONFIG(CAfile) && SSL_CONN_CONFIG(verifypeer)) {
int res = verify_cert(SSL_CONN_CONFIG(CAfile), data,
BACKEND->ssl_ctx);
if(res != CURLE_OK)
return res;
CURLcode result = verify_cert(SSL_CONN_CONFIG(CAfile), data,
BACKEND->ssl_ctx);
if(result)
return result;
}
/* the documentation says we need to call SSLHandshake() again */
return sectransp_connect_step2(conn, sockindex);
@ -3186,7 +3186,10 @@ static ssize_t sectransp_recv(struct connectdata *conn,
/*struct Curl_easy *data = conn->data;*/
struct ssl_connect_data *connssl = &conn->ssl[num];
size_t processed = 0UL;
OSStatus err = SSLRead(BACKEND->ssl_ctx, buf, buffersize, &processed);
OSStatus err;
again:
err = SSLRead(BACKEND->ssl_ctx, buf, buffersize, &processed);
if(err != noErr) {
switch(err) {
@ -3207,6 +3210,16 @@ static ssize_t sectransp_recv(struct connectdata *conn,
return -1L;
break;
/* The below is errSSLPeerAuthCompleted; it's not defined in
Leopard's headers */
case -9841:
if(SSL_CONN_CONFIG(CAfile) && SSL_CONN_CONFIG(verifypeer)) {
CURLcode result = verify_cert(SSL_CONN_CONFIG(CAfile), conn->data,
BACKEND->ssl_ctx);
if(result)
return result;
}
goto again;
default:
failf(conn->data, "SSLRead() return error %d", err);
*curlcode = CURLE_RECV_ERROR;