sectransp: support CURLINFO_CERTINFO

Fixes curl#4130
sergio-nsk · Jul 15, 2021 · 492d308 · 492d308
1 parent 71bfec1
commit 492d308
Showing 1 changed file with 28 additions and 52 deletions.
diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c
@@ -2853,7 +2853,7 @@ sectransp_connect_step2(struct Curl_easy *data, struct connectdata *conn,
 static CURLcode
 add_cert_to_certinfo(struct Curl_easy *data,
                      SecCertificateRef server_cert,
-                     CFIndex idx)
+                     int idx)
 {
   CURLcode result = CURLE_OK;
   const char *beg;
@@ -2865,11 +2865,32 @@ add_cert_to_certinfo(struct Curl_easy *data,
 
   beg = (const char *)CFDataGetBytePtr(cert_data);
   end = beg + CFDataGetLength(cert_data);
-  result = Curl_extract_certinfo(data, (int)idx, beg, end);
+  result = Curl_extract_certinfo(data, idx, beg, end);
   CFRelease(cert_data);
   return result;
 }
 
+static CURLcode
+collect_server_cert_single(struct Curl_easy *data,
+                           SecCertificateRef server_cert,
+                           CFIndex idx)
+{
+  CURLcode result = CURLE_OK;
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+  if(data->set.verbose) {
+    char *certp;
+    result = CopyCertSubject(data, server_cert, &certp);
+    if(!result) {
+      infof(data, "Server certificate: %s", certp);
+      free(certp);
+    }
+  }
+#endif
+  if(data->set.ssl.certinfo)
+    result = add_cert_to_certinfo(data, server_cert, (int)idx);
+  return result;
+}
+
 /* This should be called during step3 of the connection at the earliest */
 static CURLcode
 collect_server_cert(struct Curl_easy *data,
@@ -2909,18 +2930,7 @@ collect_server_cert(struct Curl_easy *data,
       result = Curl_ssl_init_certinfo(data, count);
     for(i = 0L ; !result && (i < count) ; i++) {
       server_cert = SecTrustGetCertificateAtIndex(trust, i);
-#ifndef CURL_DISABLE_VERBOSE_STRINGS
-      if(show_verbose_server_cert) {
-        char *certp;
-        result = CopyCertSubject(data, server_cert, &certp);
-        if(!result) {
-          infof(data, "Server certificate: %s", certp);
-          free(certp);
-        }
-      }
-#endif
-      if(data->set.ssl.certinfo)
-        result = add_cert_to_certinfo(data, server_cert, i);
+      result = collect_server_cert_single(data, server_cert, i);
     }
     CFRelease(trust);
   }
@@ -2942,18 +2952,7 @@ collect_server_cert(struct Curl_easy *data,
         result = Curl_ssl_init_certinfo(data, count);
       for(i = 0L ; !result && (i < count) ; i++) {
         server_cert = SecTrustGetCertificateAtIndex(trust, i);
-#ifndef CURL_DISABLE_VERBOSE_STRINGS
-        if(show_verbose_server_cert) {
-          char *certp;
-          result = CopyCertSubject(data, server_cert, &certp);
-          if(!result) {
-            infof(data, "Server certificate: %s", certp);
-            free(certp);
-          }
-        }
-#endif
-        if(data->set.ssl.certinfo)
-          result = add_cert_to_certinfo(data, server_cert, i);
+        result = collect_server_cert_single(data, server_cert, i);
       }
       CFRelease(trust);
     }
@@ -2968,19 +2967,7 @@ collect_server_cert(struct Curl_easy *data,
         result = Curl_ssl_init_certinfo(data, count);
       for(i = 0L ; !result && (i < count) ; i++) {
         server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs,
-                                                                i);
-#ifndef CURL_DISABLE_VERBOSE_STRINGS
-        if(show_verbose_server_cert) {
-          char *certp;
-          result = CopyCertSubject(data, server_cert, &certp);
-          if(!result) {
-            infof(data, "Server certificate: %s", certp);
-            free(certp);
-          }
-        }
-#endif
-        if(data->set.ssl.certinfo)
-          result = add_cert_to_certinfo(data, server_cert, i);
+        result = collect_server_cert_single(data, server_cert, i);
       }
       CFRelease(server_certs);
     }
@@ -2994,20 +2981,9 @@ collect_server_cert(struct Curl_easy *data,
     count = CFArrayGetCount(server_certs);
     if(data->set.ssl.certinfo)
       result = Curl_ssl_init_certinfo(data, count);
-    for(i = 0L ; result && (i < count) ; i++) {
+    for(i = 0L ; !result && (i < count) ; i++) {
       server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs, i);
-#ifndef CURL_DISABLE_VERBOSE_STRINGS
-      char *certp;
-      result = CopyCertSubject(data, server_cert, &certp);
-      if(show_verbose_server_cert) {
-        if(!result) {
-          infof(data, "Server certificate: %s", certp);
-          free(certp);
-        }
-      }
-#endif
-      if(data->set.ssl.certinfo)
-        result = add_cert_to_certinfo(data, server_cert, i);
+      result = collect_server_cert_single(data, server_cert, i);
     }
     CFRelease(server_certs);
   }