Use default values for SSL peer and host validation.
Recent versions of libcurl do not allow CURLOPT_SSL_VERIFYHOST to be set to 1. The default in cURL has been to validate both the certificate and the host since 2002. Setting these options is therefore unnecessary. Thanks to Nikola Ivačič for notifying us about this problem! git-svn-id: https://modmellon.googlecode.com/svn/trunk@216 a716ebb1-153a-0410-b759-cfb97c6a1b53
parent
edd4e78db4
commit
764a70d1c8
|
@ -294,24 +294,6 @@ static CURL *am_httpclient_init_curl(request_rec *r, const char *uri,
|
|||
goto cleanup_fail;
|
||||
}
|
||||
|
||||
/* Enable SSL peer certificate verification. */
|
||||
res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
|
||||
if(res != CURLE_OK) {
|
||||
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
|
||||
"Failed to enable SSL peer certificate verification:"
|
||||
" [%u] %s", res, curl_error);
|
||||
goto cleanup_fail;
|
||||
}
|
||||
|
||||
/* Enable SSL peer hostname verification. */
|
||||
res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1L);
|
||||
if(res != CURLE_OK) {
|
||||
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
|
||||
"Failed to enable SSL peer hostname verification:"
|
||||
" [%u] %s", res, curl_error);
|
||||
goto cleanup_fail;
|
||||
}
|
||||
|
||||
/* If we have a CA configured, try to use it */
|
||||
if (cfg->idp_ca_file != NULL) {
|
||||
res = curl_easy_setopt(curl, CURLOPT_CAINFO, cfg->idp_ca_file);
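Review bot: After this removal nothing in am_httpclient_init_curl records that certificate and hostname verification are deliberately left at libcurl's defaults, so a reader of the function can no longer see that the IdP connection is meant to be verified. The removed `CURLOPT_SSL_VERIFYHOST, 1L` call was also not the strict setting in older libcurl, where, as far as I recall, 1 only checked that a name was present in the certificate and 2 checked that it matched. I would either pin the strict value with `res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);` and the existing error path, or at least add a comment above the CA block such as `/* Peer and host verification are left at libcurl defaults (enabled); do not disable. */`. The function body starts and continues outside this hunk, so whether other options touch verification cannot be checked from here.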
|
||||
|
|