Use default values for SSL peer and host validation.

Recent versions of libcurl do not allow CUROPT_SSL_VERIFYHOST to be set to 1. The default in cURL has been to validate both the certificate and the host since 2002. Setting these options is therefore unnecessary. Thanks to Nikola Ivačič for notifying us about this problem! git-svn-id: https://modmellon.googlecode.com/svn/trunk@216 a716ebb1-153a-0410-b759-cfb97c6a1b53
2013-06-07 11:47:02 +00:00 · 2013-06-07 11:47:02 +00:00 · 764a70d1c8
parent edd4e78db4
commit 764a70d1c8
1 changed files with 0 additions and 18 deletions
--- a/auth_mellon_httpclient.c
+++ b/auth_mellon_httpclient.c
@ -294,24 +294,6 @@ static CURL *am_httpclient_init_curl(request_rec *r, const char *uri,
        goto cleanup_fail;
    }

-    /* Enable SSL peer certificate verification. */
-    res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
-    if(res != CURLE_OK) {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                      "Failed to enable SSL peer certificate verification:"
-                      " [%u] %s", res, curl_error);
-        goto cleanup_fail;
-    }
-
-    /* Enable SSL peer hostname verification. */
-    res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1L);
-    if(res != CURLE_OK) {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                      "Failed to enable SSL peer hostname verification:"
-                      " [%u] %s", res, curl_error);
-        goto cleanup_fail;
-    }
-
    /* If we have a CA configured, try to use it */
    if (cfg->idp_ca_file != NULL) {
        res = curl_easy_setopt(curl, CURLOPT_CAINFO, cfg->idp_ca_file);