if(APPLE)
option(USE_APPLE_SECTRUST "Use Apple OS-native certificate verification" OFF)
if(USE_APPLE_SECTRUST)
+ if(NOT CURL_USE_OPENSSL AND NOT CURL_USE_GNUTLS)
+ message(FATAL_ERROR "Apple SecTrust is only supported with Openssl/GnuTLS")
+ endif()
find_library(COREFOUNDATION_FRAMEWORK NAMES "Security")
mark_as_advanced(COREFOUNDATION_FRAMEWORK)
if(NOT COREFOUNDATION_FRAMEWORK)
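Review bot: The added guard tests the option names `CURL_USE_OPENSSL` / `CURL_USE_GNUTLS`, while the feature line added further down (`curl_add_if("AppleSecTrust" ...)`) tests `USE_OPENSSL OR USE_GNUTLS`. If those two pairs can diverge (their assignments are not visible here), a build could pass this guard and still not report AppleSecTrust, which would make it harder to audit which certificate verifier a binary uses. A one-line comment above the guard saying which pair is authoritative at this point would settle it. The error text would also be more actionable if it named the options, e.g. `message(FATAL_ERROR "USE_APPLE_SECTRUST requires CURL_USE_OPENSSL or CURL_USE_GNUTLS")`. The enclosing `if(APPLE)` block continues past the end of this hunk.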
curl_add_if("PSL" USE_LIBPSL)
curl_add_if("CAcert" CURL_CA_EMBED_SET)
curl_add_if("SSLS-EXPORT" _ssl_enabled AND USE_SSLS_EXPORT)
+curl_add_if("AppleSecTrust" USE_APPLE_SECTRUST AND _ssl_enabled AND (USE_OPENSSL OR USE_GNUTLS))
if(_items)
if(CMAKE_VERSION VERSION_GREATER_EQUAL 3.13)
list(SORT _items CASE INSENSITIVE)
fi
fi
+if test "x$APPLE_SECTRUST_ENABLED" = "x1"; then
+ SUPPORT_FEATURES="$SUPPORT_FEATURES AppleSecTrust"
+fi
+
if test "x$want_httpsrr" != "xno"; then
SUPPORT_FEATURES="$SUPPORT_FEATURES HTTPSRR"
fi
HTTP Alt-Svc parsing and the associated options (Added in 7.64.1)
+## `AppleSecTrust`
+
+*features* mask bit: non-existent
+
+libcurl was built with support for Apple's SecTrust service to verify
+server certificates (Added in 8.17.0).
+
## `AsynchDNS`
*features* mask bit: CURL_VERSION_ASYNCHDNS
#ifdef USE_LIBPSL
FEATURE("PSL", NULL, CURL_VERSION_PSL),
#endif
+#ifdef USE_APPLE_SECTRUST
+ FEATURE("AppleSecTrust", NULL, 0),
+#endif
#ifdef USE_SPNEGO
FEATURE("SPNEGO", NULL, CURL_VERSION_SPNEGO),
#endif
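Review bot: The new `FEATURE("AppleSecTrust", NULL, 0)` entry sits between "PSL" and "SPNEGO", whereas the documentation hunk lists `AppleSecTrust` ahead of `AsynchDNS` and the CMake feature list is sorted case-insensitively. If this table is meant to stay in name order (the full table is not visible here), the entry belongs near the top, next to the AsynchDNS entry. Since the mask is `0`, the name is the only way an application can detect this verifier, so a short comment such as `/* no CURL_VERSION_* bit; detect via feature_names */` would help readers.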
#include "vtls.h"
#include "apple.h"
-#if defined(USE_SSL) && defined(USE_APPLE_SECTRUST)
+#ifdef USE_APPLE_SECTRUST
#include <Security/Security.h>
-#endif /* USE_SSL && USE_APPLE_SECTRUST */
+#endif
/* The last #include files should be: */
#include "../curl_memory.h"
#include "../memdebug.h"
-#if defined(USE_SSL) && defined(USE_APPLE_SECTRUST)
+#ifdef USE_APPLE_SECTRUST
#define SSL_SYSTEM_VERIFIER
#if (defined(MAC_OS_X_VERSION_MAX_ALLOWED) \
return result;
}
-#endif /* USE_SSL && USE_APPLE_SECTRUST */
+#endif /* USE_APPLE_SECTRUST */
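Review bot: Dropping `defined(USE_SSL)` from the guards in this file, and from the matching ones in the apple.h hunks, is only safe because the configure and CMake checks now reject SecTrust without OpenSSL or GnuTLS. A build that defines `USE_APPLE_SECTRUST` by hand (a custom config header or a `-D` flag) bypasses those checks and would compile this verifier with no supported TLS backend. Unless a setup header already enforces this, a compile-time check would keep the invariant in the source: `#if defined(USE_APPLE_SECTRUST) && !defined(USE_OPENSSL) && !defined(USE_GNUTLS)` followed by `#error "USE_APPLE_SECTRUST requires OpenSSL or GnuTLS"` and `#endif`. The function bodies guarded here lie outside the visible hunks.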
#include "../curl_setup.h"
-#if defined(USE_SSL) && defined(USE_APPLE_SECTRUST)
+#ifdef USE_APPLE_SECTRUST
struct Curl_cfilter;
struct Curl_easy;
struct ssl_peer;
void *cb_user_data,
const unsigned char *ocsp_buf,
size_t ocsp_len);
-#endif /* USE_SSL && USE_APPLE_SECTRUST */
+#endif /* USE_APPLE_SECTRUST */
#endif /* HEADER_CURL_VTLS_APPLE_H */
#ifdef USE_APPLE_SECTRUST
#include <Security/Security.h>
-#endif /* USE_APPLE_SECTRUST */
+#endif
/* The last #include files should be: */
#include "../curl_memory.h"
],[
build_for_apple="no"
])
- if test "x$build_for_apple" != "xno"; then
+ if test "x$build_for_apple" == "xno"; then
+ AC_MSG_ERROR([Apple SecTrust can only be enabled for Apple OS targets])
+ fi
+ if test "x$OPENSSL_ENABLED" == "x1" -o "x$GNUTLS_ENABLED" == "x1"; then
AC_MSG_RESULT(yes)
AC_DEFINE(USE_APPLE_SECTRUST, 1, [enable Apple OS certificate validation])
APPLE_SECTRUST_ENABLED=1
LDFLAGS="$LDFLAGS $APPLE_SECTRUST_LDFLAGS"
LDFLAGSPC="$LDFLAGSPC $APPLE_SECTRUST_LDFLAGS"
else
- AC_MSG_RESULT(no)
+ AC_MSG_ERROR([Apple SecTrust is only supported for OpenSSL/GnuTLS builds])
fi
else
AC_MSG_RESULT(no)
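Review bot: The two added `test` lines use `==`, which is a bash extension, and the second also uses `-o`, which the Autoconf portability guidance advises against. Under a strict POSIX `/bin/sh` such as dash, `test a == b` fails with an operator error, so the Apple-target check would be skipped and the build would stop at the else branch with the misleading "only supported for OpenSSL/GnuTLS builds" message, even when a backend is enabled. Portable forms are `if test "x$build_for_apple" = "xno"; then` and `if test "x$OPENSSL_ENABLED" = "x1" || test "x$GNUTLS_ENABLED" = "x1"; then`. The enclosing macro starts and ends outside this hunk.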