diff options
author | David Kalnischkies <david@kalnischkies.de> | 2014-02-14 18:59:46 +0100 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2014-02-14 19:15:43 +0100 |
commit | 889b0072a93a5afe9ffec93ab791d584c64754a0 (patch) | |
tree | 64f1d18d6c377144541548e4117e83d2d9f5f81e /methods | |
parent | 5543218acdbbeef1d9f6d118e0b86a765c341430 (diff) |
add a testcase to check for forbidden https→http downgrades
Git-Dch: Ignore
Diffstat (limited to 'methods')
-rw-r--r-- | methods/https.cc | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/methods/https.cc b/methods/https.cc index 9422df2f0..e713be19f 100644 --- a/methods/https.cc +++ b/methods/https.cc @@ -188,7 +188,8 @@ bool HttpsMethod::Fetch(FetchItem *Itm) // options curl_easy_setopt(curl, CURLOPT_NOPROGRESS, false); curl_easy_setopt(curl, CURLOPT_FILETIME, true); - // only allow redirects to https + // only allow curl to handle https, not the other stuff it supports + curl_easy_setopt(curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS); curl_easy_setopt(curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS); // SSL parameters are set by default to the common (non mirror-specific) value |