Crash on OSX

[teyrow]

I did this

curl --cacert ./ca.modio.se.cacert --cert ./hsb-demo.crt --key ./hsb-demo.key https://api.moodio.se/

I expected the following

Download or error

curl/libcurl version

using system curl:
$ which curl
/usr/bin/curl

curl 7.51.0 (x86_64-apple-darwin16.0) libcurl/7.51.0 SecureTransport zlib/1.2.8
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets

2017-04-25 14:50:23.802 curl[47694:4961444] *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** -[__NSPlaceholderArray initWithObjects:count:]: attempt to insert nil object from objects[0]'
*** First throw call stack:
(
0 CoreFoundation 0x00007fffa197237b __exceptionPreprocess + 171
1 libobjc.A.dylib 0x00007fffb676648d objc_exception_throw + 48
2 CoreFoundation 0x00007fffa1868184 -[__NSPlaceholderArray initWithObjects:count:] + 276
3 libcurl.4.dylib 0x00007fffb605c45f darwinssl_connect_common + 2166
4 libcurl.4.dylib 0x00007fffb605aa85 Curl_ssl_connect_nonblocking + 77
5 libcurl.4.dylib 0x00007fffb6022631 https_connecting + 23
6 libcurl.4.dylib 0x00007fffb60225fc Curl_http_connect + 71
7 libcurl.4.dylib 0x00007fffb6030c4d Curl_protocol_connect + 127
8 libcurl.4.dylib 0x00007fffb6044f2f multi_runsingle + 921
9 libcurl.4.dylib 0x00007fffb6044b1d curl_multi_perform + 92
10 libcurl.4.dylib 0x00007fffb603daa9 curl_easy_perform + 339
11 curl 0x0000000101e7558d curl + 46477
12 curl 0x0000000101e72515 curl + 34069
13 curl 0x0000000101e71dcf curl + 32207
14 libdyld.dylib 0x00007fffb704b235 start + 1
)
libc++abi.dylib: terminating with uncaught exception of type NSException
Abort trap: 6

operating system

Darwin rambo.local 16.5.0 Darwin Kernel Version 16.5.0: Fri Mar 3 16:52:33 PST 2017; root:xnu-3789.51.2~3/RELEASE_X86_64 x86_64

[bagder]

Tell us more about the cert + key you're using. Can we generate/get a similar set somehow?

[Spindel]

Can't rightly give you a cert signed by our core CA, but I set up a new CA cert and signed a cert for you here:

foo.zip

[nickzman]

1. I cannot reproduce this crash in the latest version of curl.
2. You cannot use the --key option when curl is built to use Secure Transport. If you want to use a client-side certificate and private key, you must either use a Keychain item, or you must use a PKCS#12 file that includes both the certificate and key.
3. If the certificate is self-signed, I would recommend importing it into your Keychain so you don't have to use --cacert. The --cacert option is present mainly for backward compatibility with scripts written for other POSIX systems.

[bagder]

I made it happen once with current git master but it doesn't happen on subsequent invokes:

$ ~/src/curl/src/curl --cacert ./caramel.ca.cert --cert ./client.example.com.crt --key ./client.example.com.key https://api.moodio.se

2017-05-03 11:05:01.279 curl[19157:311252] *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** -[__NSPlaceholderArray initWithObjects:count:]: attempt to insert nil object from objects[0]'
*** First throw call stack:
(
        0   CoreFoundation                      0x00007fffd2a7d37b __exceptionPreprocess + 171
        1   libobjc.A.dylib                     0x00007fffe787148d objc_exception_throw + 48
        2   CoreFoundation                      0x00007fffd2973184 -[__NSPlaceholderArray initWithObjects:count:] + 276
        3   curl                                0x000000010bd5b00b darwinssl_connect_step1 + 3275
        4   curl                                0x000000010bd59a53 darwinssl_connect_common + 211
        5   curl                                0x000000010bd5997a Curl_darwinssl_connect_nonblocking + 42
        6   curl                                0x000000010bd5810b Curl_ssl_connect_nonblocking + 155
        7   curl                                0x000000010bce9616 https_connecting + 134
        8   curl                                0x000000010bce9526 Curl_http_connect + 214
        9   curl                                0x000000010bd05ae9 Curl_protocol_connect + 313
        10  curl                                0x000000010bd2a5b9 multi_runsingle + 2441
        11  curl                                0x000000010bd29b6b curl_multi_perform + 123
        12  curl                                0x000000010bd1e090 easy_transfer + 336
        13  curl                                0x000000010bd1d234 easy_perform + 356
        14  curl                                0x000000010bd1d0c7 curl_easy_perform + 23
        15  curl                                0x000000010bcd23e1 operate_do + 26257
        16  curl                                0x000000010bccbca3 operate + 611
        17  curl                                0x000000010bcca9bf main + 127
        18  libdyld.dylib                       0x00007fffe8156235 start + 1
        19  ???                                 0x0000000000000008 0x0 + 8
)
libc++abi.dylib: terminating with uncaught exception of type NSException
Abort trap: 6

$ ~/src/curl/src/curl --cacert ./caramel.ca.cert --cert ./client.example.com.crt --key ./client.example.com.key https://api.moodio.se
curl: (58) SSL: Can't load the certificate "./client.example.com.crt" and its private key: OSStatus -25299

[nickzman]

Hmm, though I can't reproduce it, I can see how this could happen. I've attached a patch that ought to prevent the crash from happening.

Reporter, could you please try it out and let me know how it goes?
1450.txt

[bagder]

@teyrow, any news?

[bagder]

@nickzman: I read the CopyIdentityWithLabel function just now, and I think your fix is indeed necessary as that function can return noErr together with a NULL pointer. So please merge that fix!