-
-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Apple Secure Transport: ignore errSSLPeerAuthCompleted if CURLOPT_SSL_VERIFYPEER is 0 #3932
Comments
Clearly the code doesn't expect -9841 to be returned from SSLRead() but has code for it when returned from SSLHandshake(): Lines 2371 to 2377 in 0edf690
Is this perhaps a renegotiation or something? @nickzman, do you have any thoughts? The error code is documented as:
Does this imply we should just call the function again? |
Am Donnerstag, 23. Mai 2019, 16:42:47 CEST schrieb Daniel Stenberg:
Hi Daniel,
Does this imply we should just call the function again?
As I read it, the code should just proceed like in the code you pointed to.
The TLS stack informed curl that the cert could not be verified.
Ciao
Stephan
|
Reported-by: smuellerDD on github Fixes #3932
If you can reproduce this case, can you try #3933 ? I couldn't try it out, I just wrote it "blindly". |
I did this
my code contains:
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
I use curl with Apple Secure Transport.
During the handshake SSLRead returns -9841 which translates into https://developer.apple.com/documentation/security/1503828-secure_transport_result_codes/errsslpeerauthcompleted
Curl terminates the connection due to SSLRead returned an error. The select call in the function sectransp_recv chooses the "default" entry.
I expected the following
I would presume that this return code is expected when CURLOPT_SSL_VERIFYPEER is set to 0.
Thus, curl should gracefully accept that return code with CURLOPT_SSL_VERIFYPEER set to 0.
curl/libcurl version
7.54
However, the issue seems to be present in the current GIT HEAD.
operating system
macOS 10.14.5
The text was updated successfully, but these errors were encountered: