summaryrefslogtreecommitdiff
path: root/methods/https.cc
diff options
context:
space:
mode:
authorDavid Kalnischkies <kalnischkies@gmail.com>2011-01-12 23:46:18 +0100
committerDavid Kalnischkies <kalnischkies@gmail.com>2011-01-12 23:46:18 +0100
commit52b22cea95a1ba506ee633c1610bf241817ab529 (patch)
treebf7cc32b2e7b0a9e2f4f1835e20e6eada2a5e88e /methods/https.cc
parente3d26885659348e897774ea6f08f296f4b900781 (diff)
* methods/https.cc:
- fix CURLOPT_SSL_VERIFYHOST by really passing 2 to it if enabled
Diffstat (limited to 'methods/https.cc')
-rw-r--r--methods/https.cc6
1 files changed, 2 insertions, 4 deletions
diff --git a/methods/https.cc b/methods/https.cc
index aa6786aa8..fc649d6c2 100644
--- a/methods/https.cc
+++ b/methods/https.cc
@@ -143,13 +143,11 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, peer_verify);
// ... and hostname against cert CN or subjectAltName
- int default_verify = 2;
bool verify = _config->FindB("Acquire::https::Verify-Host",true);
knob = "Acquire::https::"+remotehost+"::Verify-Host";
verify = _config->FindB(knob.c_str(),verify);
- if (!verify)
- default_verify = 0;
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, verify);
+ int const default_verify = (verify == true) ? 2 : 0;
+ curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, default_verify);
// Also enforce issuer of server certificate using its cert
string issuercert = _config->Find("Acquire::https::IssuerCert","");