diff options
| author | David Kalnischkies <kalnischkies@gmail.com> | 2011-01-12 23:46:18 +0100 |
|---|---|---|
| committer | David Kalnischkies <kalnischkies@gmail.com> | 2011-01-12 23:46:18 +0100 |
| commit | 52b22cea95a1ba506ee633c1610bf241817ab529 (patch) | |
| tree | bf7cc32b2e7b0a9e2f4f1835e20e6eada2a5e88e /methods | |
| parent | e3d26885659348e897774ea6f08f296f4b900781 (diff) | |
* methods/https.cc:
- fix CURLOPT_SSL_VERIFYHOST by really passing 2 to it if enabled
Diffstat (limited to 'methods')
| -rw-r--r-- | methods/https.cc | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/methods/https.cc b/methods/https.cc index aa6786aa8..fc649d6c2 100644 --- a/methods/https.cc +++ b/methods/https.cc @@ -143,13 +143,11 @@ bool HttpsMethod::Fetch(FetchItem *Itm) curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, peer_verify); // ... and hostname against cert CN or subjectAltName - int default_verify = 2; bool verify = _config->FindB("Acquire::https::Verify-Host",true); knob = "Acquire::https::"+remotehost+"::Verify-Host"; verify = _config->FindB(knob.c_str(),verify); - if (!verify) - default_verify = 0; - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, verify); + int const default_verify = (verify == true) ? 2 : 0; + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, default_verify); // Also enforce issuer of server certificate using its cert string issuercert = _config->Find("Acquire::https::IssuerCert",""); |