author | Julian Andres Klode <jak@debian.org> | 2017-06-30 17:20:21 +0200 |
---|---|---|
committer | Julian Andres Klode <jak@debian.org> | 2017-06-30 17:20:21 +0200 |
commit | 6a0e7acbf01e22665d89a9c6556f3a8220a78756 (patch) | |
tree | c779eb2727f9180f3a13ffe1fa893f477160fb37 /methods/connect.cc | |
parent | 8f5db6b513b90b6ee5b625131a25b146fa912e0d (diff) |
TLS support: Error out on unsupported curl options
Silently ignoring the options might be a security issue,
so produce an error instead.
Diffstat (limited to 'methods/connect.cc')
-rw-r--r-- | methods/connect.cc | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/methods/connect.cc b/methods/connect.cc
index 0d4b3e26f..97057286e 100644
--- a/methods/connect.cc
+++ b/methods/connect.cc
@@ -697,8 +697,10 @@ bool UnwrapTLS(std::string Host, std::unique_ptr<MethodFd> &Fd,
 return _error->Error("Could not load CaInfo certificate: %s", gnutls_strerror(err));
 }
- // TODO: IssuerCert AKA CURLOPT_ISSUERCERT
- // TODO: Emulate SslForceVersion AKA CURLOPT_SSLVERSION?
+ if (!Owner->ConfigFind("IssuerCert", "").empty())
+ return _error->Error("The option '%s' is not supported anymore", "IssuerCert");
+ if (!Owner->ConfigFind("SslForceVersion", "").empty())
+ return _error->Error("The option '%s' is not supported anymore", "SslForceVersion");
 // For client authentication, certificate file ...
 std::string const cert = Owner->ConfigFind("SslCert", ""); |
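Review bot: The two new checks in UnwrapTLS carry no comment saying why a configured option is a hard error, and the removed TODO lines were the only record in the code that these options correspond to CURLOPT_ISSUERCERT and CURLOPT_SSLVERSION. I would add above them `// Fail closed: IssuerCert (CURLOPT_ISSUERCERT) and SslForceVersion (CURLOPT_SSLVERSION) tightened TLS policy under curl; ignoring them would silently weaken it.` The error text names only the bare option, so if ConfigFind also resolves host-scoped keys (not visible in this hunk), including `Host` in the message would help an administrator locate the offending setting. The duplicated pair could also become a loop over a short list of rejected option names, so any further unsupported options are rejected with the same wording. UnwrapTLS begins and ends outside the hunk, so whether these checks run before any handshake traffic should be confirmed against the full function.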