merged from lp:~mvo/apt/mvo (which is really lp:~donkult/apt/sid with some updated comments ;)

author: Michael Vogt <mvo@debian.org> 2011-02-08 10:27:51 +0100
committer: Michael Vogt <mvo@debian.org> 2011-02-08 10:27:51 +0100
commit: 09b8bd3226a68272f98e4020d10348ff26642500 (patch)
tree: 1394a74a187ce61982c6c8649721de2f543459a1 /methods/https.cc
parent: 7c748f4aa1bd47089672353fd1a401d1c5c94723 (diff)
parent: 4c6cf49317769725fee34a132c52ec1fe076b8b5 (diff)
1 files changed, 2 insertions, 4 deletions
diff --git a/methods/https.cc b/methods/https.cc
index aa6786aa8..fc649d6c2 100644
--- a/methods/https.cc
+++ b/methods/https.cc
@@ -143,13 +143,11 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, peer_verify);
 
    // ... and hostname against cert CN or subjectAltName
-   int default_verify = 2;
    bool verify = _config->FindB("Acquire::https::Verify-Host",true);
    knob = "Acquire::https::"+remotehost+"::Verify-Host";
    verify = _config->FindB(knob.c_str(),verify);
-   if (!verify)
-      default_verify = 0;
-   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, verify);
+   int const default_verify = (verify == true) ? 2 : 0;
+   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, default_verify);
 
    // Also enforce issuer of server certificate using its cert
    string issuercert = _config->Find("Acquire::https::IssuerCert","");
author	Michael Vogt <mvo@debian.org>	2011-02-08 10:27:51 +0100
committer	Michael Vogt <mvo@debian.org>	2011-02-08 10:27:51 +0100
commit	09b8bd3226a68272f98e4020d10348ff26642500 (patch)
tree	1394a74a187ce61982c6c8649721de2f543459a1 /methods/https.cc
parent	7c748f4aa1bd47089672353fd1a401d1c5c94723 (diff)
parent	4c6cf49317769725fee34a132c52ec1fe076b8b5 (diff)