diff options
| author | Joe George <joe@zeroc.com> | 2016-09-16 11:15:03 -0400 |
|---|---|---|
| committer | Joe George <joe@zeroc.com> | 2016-09-16 11:17:07 -0400 |
| commit | f4c6a36ff0478567a474f92408ba9a5b8c903832 (patch) | |
| tree | 25c10e3518a0bd1006bd25c6a84f99d36e478b9b /cpp/src | |
| parent | Fix for ICE-7357 - catch exceptions raised by connection getInfo (diff) | |
| download | ice-f4c6a36ff0478567a474f92408ba9a5b8c903832.tar.bz2 ice-f4c6a36ff0478567a474f92408ba9a5b8c903832.tar.xz ice-f4c6a36ff0478567a474f92408ba9a5b8c903832.zip | |
Fix ICE-7338
C++ IceSSL/configuration failures on macOS Sierra.
Diffstat (limited to 'cpp/src')
| -rw-r--r-- | cpp/src/IceSSL/SecureTransportTransceiverI.cpp | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp b/cpp/src/IceSSL/SecureTransportTransceiverI.cpp index 2b4dff3ab25..39f73bb568a 100644 --- a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp +++ b/cpp/src/IceSSL/SecureTransportTransceiverI.cpp @@ -136,7 +136,7 @@ checkTrustResult(SecTrustRef trust, const SecureTransportEnginePtr& engine, cons } default: // case kSecTrustResultInvalid: - // //case kSecTrustResultConfirm: // Used in old OS X versions + // case kSecTrustResultConfirm: // Used in old OS X versions // case kSecTrustResultDeny: // case kSecTrustResultRecoverableTrustFailure: // case kSecTrustResultFatalTrustFailure: @@ -225,14 +225,11 @@ IceSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::B { assert(!_trust); err = SSLCopyPeerTrust(_ssl, &_trust); - if(_incoming && err == errSSLBadCert && _engine->getVerifyPeer() == 1) + if(_incoming && _engine->getVerifyPeer() == 1 && (err == errSSLBadCert || _trust == 0)) { - // - // This is expected if the client doesn't provide a - // certificate (occurs since 10.10). The server is - // configured to verify to not require the client - // certificate so we ignore the failure. - // + // This is expected if the client doesn't provide a certificate. With 10.10 and 10.11 errSSLBadCert + // is expected, the server is configured to verify but not require the client + // certificate so we ignore the failure. In 10.12 there is no error and trust is 0. continue; } if(err == noErr) |