apple sectrust: fix ancient evaluation
authorStefan Eissing <stefan@eissing.org>
Wed, 17 Dec 2025 11:31:39 +0000 (12:31 +0100)
committerDaniel Stenberg <daniel@haxx.se>
Mon, 22 Dec 2025 22:00:08 +0000 (23:00 +0100)
On versions before macOS 10.14, iOS 12 and watchOS 5, check the
evaluation result code so that an error from evaluation is returned.

Reported-by: Stanislav Fort
Closes #20074

lib/vtls/apple.c

index 0b81e95e86f772017eb750e5792a16ac1cb40273..9779e11eaac6500c93c8388399bfe13ec1d42527 100644 (file)
@@ -261,12 +261,17 @@ CURLcode Curl_vtls_apple_verify(struct Curl_cfilter *cf,
 
     if(status != noErr) {
       failf(data, "Apple SecTrust verification failed: error %i", (int)status);
+      result = CURLE_PEER_FAILED_VERIFICATION;
     }
     else if((sec_result == kSecTrustResultUnspecified) ||
             (sec_result == kSecTrustResultProceed)) {
       /* "unspecified" means system-trusted with no explicit user setting */
       result = CURLE_OK;
     }
+    else {
+      /* Any other trust result is a verification failure in this context */
+      result = CURLE_PEER_FAILED_VERIFICATION;
+    }
 #endif /* REQUIRES_SecTrustEvaluateWithError */
   }
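Review bot: The new `else` branch returns CURLE_PEER_FAILED_VERIFICATION without calling failf(), so a rejected trust result (for example a deny or recoverable-failure outcome) leaves no message saying why verification failed, unlike the `status != noErr` branch above it. Consider adding `failf(data, "Apple SecTrust verification failed: trust result %i", (int)sec_result);` before the assignment so the outcome shows up in error output and logs. Both added assignments also suggest that `result` held a non-failing value on these paths before this change; its initialisation is outside the hunk, but if that is the case, starting it at a failure code would keep any future unhandled path fail-closed. The body of Curl_vtls_apple_verify starts and ends outside the hunk.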