-
-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
darwinssl: fix iOS build and CFArrayRef leak #1173
Conversation
@chris-araman, thanks for your PR! By analyzing the history of the files in this pull request, we identified @schweikert, @nickzman and @bagder to be potential reviewers. |
Unfortunately I can't test this, because I don't have access to a web server requesting a client-certificate anymore. The patch looks good to me though. Thanks for this, and sorry for breaking the build on iOS. |
No worries, @schweikert. Thanks for contributing! |
if(err == noErr) { | ||
#if CURL_BUILD_IOS | ||
common_name = SecCertificateCopySubjectSummary(cert); | ||
#elif CURL_BUILD_MAC_10_7 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't this just be #else?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I considered that, but thought this would be clearer, especially if the outer #if
ever changes. Feel free to change it, or require that I do.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for the late approval. The change looks okay to me, and doesn't break the build. I didn't have time to test this under iOS with a client certificate in the keychain, but in theory, this ought to work.
No problem. Holiday and such. Thanks! |
Thanks, both of you! |
#1172
SecCertificateCopySubjectSummary
on iOS as we do inCopyCertSubject
SecIdentityRef
and release the others withCFRelease(keys_list)
#if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS
block to avoid unused locals warnings on other targetsstatus = 1
in caseSecItemCopyMatching
yields an empty setI haven't been able to independently verify whether client certificate matching works on any version of iOS or macOS, before or after this change. @schweikert, @nickzman, would you be able to help with that? Presumably, this change is no worse for iOS than what we had before #1105.