From: Stefan Eissing <stefan@eissing.org>
Date: Wed, 8 Oct 2025 09:56:09 +0000 (+0200)
Subject: apple sectrust: check correct result on old OS versions
X-Git-Tag: rc-8_17_0-3~267
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0f02744c41fa4da0f25091dcce5c1e9e0c2220b5;p=thirdparty%2Fcurl.git

apple sectrust: check correct result on old OS versions

On ancient Apple OS versions where SecTrustEvaluateWithError() is not
available, the deprected SecTrustEvaluate() is used. In that code
branch, the code checked the wong variable for the verified result.

Closes #18929
---

diff --git a/lib/vtls/apple.c b/lib/vtls/apple.c
index b565c8f031..c96ebe037b 100644
--- a/lib/vtls/apple.c
+++ b/lib/vtls/apple.c
@@ -267,8 +267,8 @@ CURLcode Curl_vtls_apple_verify(struct Curl_cfilter *cf,
     if(status != noErr) {
       failf(data, "Apple SecTrust verification failed: error %i", (int)status);
     }
-    else if((status == kSecTrustResultUnspecified) ||
-            (status == kSecTrustResultProceed)) {
+    else if((sec_result == kSecTrustResultUnspecified) ||
+            (sec_result == kSecTrustResultProceed)) {
       /* "unspecified" means system-trusted with no explicit user setting */
       result = CURLE_OK;
     }