Mike Hommey <mh@xxxxxxxxxxxx> writes: > Signed-off-by: Mike Hommey <mh@xxxxxxxxxxxx> > --- > http.c | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > > diff --git a/http.c b/http.c > index 5925d07..519621a 100644 > --- a/http.c > +++ b/http.c > @@ -177,6 +177,7 @@ static CURL* get_curl_handle(void) > CURL* result = curl_easy_init(); > > curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, curl_ssl_verify); > + curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, curl_ssl_verify * 2); > #if LIBCURL_VERSION_NUM >= 0x070907 > curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL); > #endif Is it just me who finds that "* 2" is extremely magical? diff --git a/http.c b/http.c index 5925d07..8dce820 100644 --- a/http.c +++ b/http.c @@ -176,7 +176,16 @@ static CURL* get_curl_handle(void) { CURL* result = curl_easy_init(); - curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, curl_ssl_verify); + if (!curl_ssl_verify) { + curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0); + curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 0); + } else { + /* Verify authenticity of the peer's certificate */ + curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 1); + /* The name in the cert must match whom we tried to connect */ + curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2); + } + #if LIBCURL_VERSION_NUM >= 0x070907 curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL); #endif - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html