darwinssl: fix iOS build and CFArrayRef leak #1173

wants to merge 3 commits into


None yet

5 participants

chris-araman commented Dec 23, 2016 edited


  • use SecCertificateCopySubjectSummary on iOS as we do in CopyCertSubject
  • retain the matching SecIdentityRef and release the others with CFRelease(keys_list)
  • move locals into #if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS block to avoid unused locals warnings on other targets
  • set status = 1 in case SecItemCopyMatching yields an empty set

I haven't been able to independently verify whether client certificate matching works on any version of iOS or macOS, before or after this change. @schweikert, @nickzman, would you be able to help with that? Presumably, this change is no worse for iOS than what we had before #1105.

chris-araman added some commits Dec 23, 2016
@chris-araman chris-araman darwinssl: fix iOS build 474835a
@chris-araman chris-araman darwinssl: fix CFArrayRef leak

@chris-araman, thanks for your PR! By analyzing the history of the files in this pull request, we identified @schweikert, @nickzman and @bagder to be potential reviewers.

@chris-araman chris-araman checksrc: fix style defects
schweikert commented Dec 23, 2016 edited

Unfortunately I can't test this, because I don't have access to a web server requesting a client-certificate anymore. The patch looks good to me though.

Thanks for this, and sorry for breaking the build on iOS.


No worries, @schweikert. Thanks for contributing!

@chris-araman chris-araman changed the title from fix iOS build and CFArrayRef leak to darwinssl: fix iOS build and CFArrayRef leak Dec 23, 2016
if(err == noErr) {
+ common_name = SecCertificateCopySubjectSummary(cert);
+#elif CURL_BUILD_MAC_10_7
nickzman Dec 24, 2016 Collaborator

Shouldn't this just be #else?

chris-araman Dec 24, 2016 Contributor

I considered that, but thought this would be clearer, especially if the outer #if ever changes. Feel free to change it, or require that I do.


Sorry for the late approval. The change looks okay to me, and doesn't break the build. I didn't have time to test this under iOS with a client certificate in the keychain, but in theory, this ought to work.


No problem. Holiday and such. Thanks!

@bagder bagder added a commit that closed this pull request Dec 27, 2016
@chris-araman @bagder chris-araman + bagder darwinssl: fix CFArrayRef leak
Reviewed-by: Nick Zitzmann
Closes #1173
@bagder bagder closed this in e53f073 Dec 27, 2016
bagder commented Dec 27, 2016

Thanks, both of you!

@chris-araman chris-araman deleted the unknown repository branch Dec 27, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment