From 52b22cea95a1ba506ee633c1610bf241817ab529 Mon Sep 17 00:00:00 2001
From: David Kalnischkies <kalnischkies@gmail.com>
Date: Wed, 12 Jan 2011 23:46:18 +0100
Subject: * methods/https.cc:   - fix CURLOPT_SSL_VERIFYHOST by really passing
 2 to it if enabled

---
 methods/https.cc | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'methods')

diff --git a/methods/https.cc b/methods/https.cc
index aa6786aa8..fc649d6c2 100644
--- a/methods/https.cc
+++ b/methods/https.cc
@@ -143,13 +143,11 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, peer_verify);
 
    // ... and hostname against cert CN or subjectAltName
-   int default_verify = 2;
    bool verify = _config->FindB("Acquire::https::Verify-Host",true);
    knob = "Acquire::https::"+remotehost+"::Verify-Host";
    verify = _config->FindB(knob.c_str(),verify);
-   if (!verify)
-      default_verify = 0;
-   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, verify);
+   int const default_verify = (verify == true) ? 2 : 0;
+   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, default_verify);
 
    // Also enforce issuer of server certificate using its cert
    string issuercert = _config->Find("Acquire::https::IssuerCert","");
-- 
cgit v1.2.3