From dc95fee18e8df2b00404c7d0f321f5b78e00f170 Mon Sep 17 00:00:00 2001
From: Michael Vogt <mvo@debian.org>
Date: Fri, 14 Feb 2014 17:11:07 +0100
Subject: disable https->http redirects in libcurl

This change prevents changing the protocol from https to http.
---
 methods/https.cc | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'methods')

diff --git a/methods/https.cc b/methods/https.cc
index d97fddf9e..9422df2f0 100644
--- a/methods/https.cc
+++ b/methods/https.cc
@@ -185,8 +185,11 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
    curl_easy_setopt(curl, CURLOPT_WRITEDATA, this);
    curl_easy_setopt(curl, CURLOPT_PROGRESSFUNCTION, progress_callback);
    curl_easy_setopt(curl, CURLOPT_PROGRESSDATA, this);
+   // options
    curl_easy_setopt(curl, CURLOPT_NOPROGRESS, false);
    curl_easy_setopt(curl, CURLOPT_FILETIME, true);
+   // only allow redirects to https
+   curl_easy_setopt(curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS);
 
    // SSL parameters are set by default to the common (non mirror-specific) value
    // if available (or a default one) and gets overload by mirror-specific ones.
-- 
cgit v1.2.3