From: Vilmos Nebehaj <v.nebehaj@gmail.com>
Date: Sun, 31 Aug 2014 22:17:25 +0000 (+0200)
Subject: Check CA certificate in curl_darwinssl.c.
X-Git-Tag: curl-7_38_0~35^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0426670f0a8ffa69df64a3babfb5caed522feb7f;p=curl

Check CA certificate in curl_darwinssl.c.

SecCertificateCreateWithData() returns a non-NULL SecCertificateRef even
if the buffer holds an invalid or corrupt certificate. Call
SecCertificateCopyPublicKey() to make sure cacert is a valid
certificate.
---

diff --git a/lib/vtls/curl_darwinssl.c b/lib/vtls/curl_darwinssl.c
index 9ba287d0e..372635747 100644
--- a/lib/vtls/curl_darwinssl.c
+++ b/lib/vtls/curl_darwinssl.c
@@ -1671,6 +1671,16 @@ static int append_cert_to_array(struct SessionHandle *data,
       return CURLE_SSL_CACERT;
     }
 
+    /* Check if cacert is valid. */
+    SecKeyRef key;
+    OSStatus ret = SecCertificateCopyPublicKey(cacert, &key);
+    if(ret != noErr) {
+      CFRelease(cacert);
+      failf(data, "SSL: invalid CA certificate");
+      return CURLE_SSL_CACERT;
+    }
+    CFRelease(key);
+
     CFArrayAppendValue(array, cacert);
     CFRelease(cacert);