summaryrefslogtreecommitdiff
path: root/methods/https.cc
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2014-02-14 18:59:46 +0100
committerDavid Kalnischkies <david@kalnischkies.de>2014-02-14 22:25:30 +0100
commit755d1e4f94f3a862adc951d3732c661906cd555d (patch)
treee246f02f0a34d154ba455aa92b86203893d2d321 /methods/https.cc
parent18cce3980f34dc33f9c798204a344a8c1e4de6ba (diff)
add a testcase to check for forbidden https→http downgrades
Git-Dch: Ignore
Diffstat (limited to 'methods/https.cc')
-rw-r--r--methods/https.cc3
1 files changed, 2 insertions, 1 deletions
diff --git a/methods/https.cc b/methods/https.cc
index 9422df2f0..e713be19f 100644
--- a/methods/https.cc
+++ b/methods/https.cc
@@ -188,7 +188,8 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
// options
curl_easy_setopt(curl, CURLOPT_NOPROGRESS, false);
curl_easy_setopt(curl, CURLOPT_FILETIME, true);
- // only allow redirects to https
+ // only allow curl to handle https, not the other stuff it supports
+ curl_easy_setopt(curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);
curl_easy_setopt(curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS);
// SSL parameters are set by default to the common (non mirror-specific) value