authorJulian Andres Klode <jak@debian.org>2017-06-30 17:20:21 +0200
committerJulian Andres Klode <jak@debian.org>2017-06-30 17:20:21 +0200
commit6a0e7acbf01e22665d89a9c6556f3a8220a78756 (patch)
treec779eb2727f9180f3a13ffe1fa893f477160fb37
parent8f5db6b513b90b6ee5b625131a25b146fa912e0d (diff)
TLS support: Error out on unsupported curl options
Silently ignoring the options might be a security issue, so produce an error instead.
-rw-r--r--methods/connect.cc6
1 files changed, 4 insertions, 2 deletions
diff --git a/methods/connect.cc b/methods/connect.cc
index 0d4b3e26f..97057286e 100644
--- a/methods/connect.cc
+++ b/methods/connect.cc
@@ -697,8 +697,10 @@ bool UnwrapTLS(std::string Host, std::unique_ptr<MethodFd> &Fd,
return _error->Error("Could not load CaInfo certificate: %s", gnutls_strerror(err));
}
- // TODO: IssuerCert AKA CURLOPT_ISSUERCERT
- // TODO: Emulate SslForceVersion AKA CURLOPT_SSLVERSION?
+ if (!Owner->ConfigFind("IssuerCert", "").empty())
+ return _error->Error("The option '%s' is not supported anymore", "IssuerCert");
+ if (!Owner->ConfigFind("SslForceVersion", "").empty())
+ return _error->Error("The option '%s' is not supported anymore", "SslForceVersion");
// For client authentication, certificate file ...
std::string const cert = Owner->ConfigFind("SslCert", "");
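Review bot: The two added checks in UnwrapTLS have no comment recording why a set `IssuerCert` or `SslForceVersion` must abort the connection, which is what a later maintainer needs to know before relaxing this to a warning. I would put `// Fail closed: these options restricted the TLS session under curl (issuer check, protocol version); ignoring them would silently weaken it.` above the first `if`. The message also names only the short key, so with several sources configured the user cannot tell which host's settings triggered it; passing `Host.c_str()` into a format such as `"The option '%s' is not supported anymore (host %s)"` would help. UnwrapTLS begins and ends outside the hunk, so whether other curl-era options are still silently ignored cannot be judged from these lines and is worth checking.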