author | David Kalnischkies <david@kalnischkies.de> | 2014-02-14 18:59:46 +0100 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2014-02-14 22:25:30 +0100 |
commit | 755d1e4f94f3a862adc951d3732c661906cd555d (patch) | |
tree | e246f02f0a34d154ba455aa92b86203893d2d321 /methods/https.cc | |
parent | 18cce3980f34dc33f9c798204a344a8c1e4de6ba (diff) |
add a testcase to check for forbidden https→http downgrades
Git-Dch: Ignore
Diffstat (limited to 'methods/https.cc')
-rw-r--r-- | methods/https.cc | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/methods/https.cc b/methods/https.cc index 9422df2f0..e713be19f 100644 --- a/methods/https.cc +++ b/methods/https.cc @@ -188,7 +188,8 @@ bool HttpsMethod::Fetch(FetchItem *Itm) // options curl_easy_setopt(curl, CURLOPT_NOPROGRESS, false); curl_easy_setopt(curl, CURLOPT_FILETIME, true); - // only allow redirects to https + // only allow curl to handle https, not the other stuff it supports + curl_easy_setopt(curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS); curl_easy_setopt(curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS); // SSL parameters are set by default to the common (non mirror-specific) value |
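Review bot: the return value of the added `curl_easy_setopt(curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);` call is discarded, as it already is for the `CURLOPT_REDIR_PROTOCOLS` line below it. If either call fails, the transfer proceeds with curl's default protocol set and the restriction is silently absent. Since both lines are security controls, check each result against `CURLE_OK` and abort the fetch on failure so that the method fails closed. Two smaller points on the same hunk: the replaced comment no longer says that redirects are limited to https as well, so something like "only allow https, for the initial request and for redirects" would cover both lines; and the commit subject mentions only a testcase, while this hunk changes which protocols the method accepts, which deserves a line in the message.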