curl now uses stricter VERIFYHOST by default and only uses a lesser check

author Daniel Stenberg <daniel@haxx.se>

Thu, 30 Jan 2003 05:15:57 +0000 (05:15 +0000)

committer Daniel Stenberg <daniel@haxx.se>

Thu, 30 Jan 2003 05:15:57 +0000 (05:15 +0000)
author Daniel Stenberg <daniel@haxx.se>
Thu, 30 Jan 2003 05:15:57 +0000 (05:15 +0000)
committer Daniel Stenberg <daniel@haxx.se>
Thu, 30 Jan 2003 05:15:57 +0000 (05:15 +0000)
diff --git a/src/main.c b/src/main.c

index efc43f86ea1a2712176bd71b162c10107b9c58b9..b416e55c1d6084ea5d9fd64e6600a14ac0945635 100644 (file)
--- a/src/main.c
+++ b/src/main.c
@@ -2828,6 +2828,8 @@ operate(struct Configurable *config, int argc, char *argv[])
        curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, config->key_type);
        curl_easy_setopt(curl, CURLOPT_SSLKEYPASSWD, config->key_passwd);
  
+      /* default to strict verifyhost */
+      curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2);
        if(config->cacert || config->capath) {
          if (config->cacert)
            curl_easy_setopt(curl, CURLOPT_CAINFO, config->cacert);
@@ -2835,15 +2837,13 @@ operate(struct Configurable *config, int argc, char *argv[])
          if (config->capath)
            curl_easy_setopt(curl, CURLOPT_CAPATH, config->capath);
          curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, TRUE);
-        curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2);
        }
-      else {
-        if(config->insecure_ok)
+      else
+        if(config->insecure_ok) {
            /* new stuff needed for libcurl 7.10 */
            curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
-
-        curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1);
-      }
+          curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1);
+        }
        
        if((config->conf&CONF_NOBODY) ||
           config->remote_time) {
author	Daniel Stenberg <daniel@haxx.se>
	Thu, 30 Jan 2003 05:15:57 +0000 (05:15 +0000)
committer	Daniel Stenberg <daniel@haxx.se>
	Thu, 30 Jan 2003 05:15:57 +0000 (05:15 +0000)