summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorolavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53>2013-06-07 11:47:02 +0000
committerolavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53>2013-06-07 11:47:02 +0000
commit764a70d1c84a4195d9db117f1fbcb17a94cd49de (patch)
tree51b13328cb0b15a9766b2da61fd82fab37bd18c1
parentedd4e78db44bde2c14e36ded7759e5300ee71e5e (diff)
downloadmod_auth_mellon-764a70d1c84a4195d9db117f1fbcb17a94cd49de.zip
mod_auth_mellon-764a70d1c84a4195d9db117f1fbcb17a94cd49de.tar.gz
mod_auth_mellon-764a70d1c84a4195d9db117f1fbcb17a94cd49de.tar.xz
Use default values for SSL peer and host validation.
Recent versions of libcurl do not allow CUROPT_SSL_VERIFYHOST to be set to 1. The default in cURL has been to validate both the certificate and the host since 2002. Setting these options is therefore unnecessary. Thanks to Nikola Ivačič for notifying us about this problem! git-svn-id: https://modmellon.googlecode.com/svn/trunk@216 a716ebb1-153a-0410-b759-cfb97c6a1b53
-rw-r--r--auth_mellon_httpclient.c18
1 files changed, 0 insertions, 18 deletions
diff --git a/auth_mellon_httpclient.c b/auth_mellon_httpclient.c
index 5d274ba..90a58f4 100644
--- a/auth_mellon_httpclient.c
+++ b/auth_mellon_httpclient.c
@@ -294,24 +294,6 @@ static CURL *am_httpclient_init_curl(request_rec *r, const char *uri,
goto cleanup_fail;
}
- /* Enable SSL peer certificate verification. */
- res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
- if(res != CURLE_OK) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "Failed to enable SSL peer certificate verification:"
- " [%u] %s", res, curl_error);
- goto cleanup_fail;
- }
-
- /* Enable SSL peer hostname verification. */
- res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1L);
- if(res != CURLE_OK) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "Failed to enable SSL peer hostname verification:"
- " [%u] %s", res, curl_error);
- goto cleanup_fail;
- }
-
/* If we have a CA configured, try to use it */
if (cfg->idp_ca_file != NULL) {
res = curl_easy_setopt(curl, CURLOPT_CAINFO, cfg->idp_ca_file);