authorolavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53>2013-06-07 11:47:02 +0000
committerolavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53>2013-06-07 11:47:02 +0000
commit764a70d1c84a4195d9db117f1fbcb17a94cd49de (patch)
tree51b13328cb0b15a9766b2da61fd82fab37bd18c1 /auth_mellon_httpclient.c
parentedd4e78db44bde2c14e36ded7759e5300ee71e5e (diff)
Use default values for SSL peer and host validation.
Recent versions of libcurl do not allow CURLOPT_SSL_VERIFYHOST to be set to 1. The default in cURL has been to validate both the certificate and the host since 2002. Setting these options is therefore unnecessary. Thanks to Nikola Ivačič for notifying us about this problem!
git-svn-id: https://modmellon.googlecode.com/svn/trunk@216 a716ebb1-153a-0410-b759-cfb97c6a1b53
Diffstat (limited to 'auth_mellon_httpclient.c')
-rw-r--r--auth_mellon_httpclient.c18
1 files changed, 0 insertions, 18 deletions
diff --git a/auth_mellon_httpclient.c b/auth_mellon_httpclient.c
index 5d274ba..90a58f4 100644
--- a/auth_mellon_httpclient.c
+++ b/auth_mellon_httpclient.c
@@ -294,24 +294,6 @@ static CURL *am_httpclient_init_curl(request_rec *r, const char *uri,
goto cleanup_fail;
}
- /* Enable SSL peer certificate verification. */
- res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
- if(res != CURLE_OK) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "Failed to enable SSL peer certificate verification:"
- " [%u] %s", res, curl_error);
- goto cleanup_fail;
- }
-
- /* Enable SSL peer hostname verification. */
- res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1L);
- if(res != CURLE_OK) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "Failed to enable SSL peer hostname verification:"
- " [%u] %s", res, curl_error);
- goto cleanup_fail;
- }
-
/* If we have a CA configured, try to use it */
if (cfg->idp_ca_file != NULL) {
res = curl_easy_setopt(curl, CURLOPT_CAINFO, cfg->idp_ca_file);
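Review bot: After this deletion nothing in the hunk pins TLS verification for the connection to the IdP; it rests entirely on libcurl's defaults and on no other code lowering them on this handle. I would rather keep the peer check and replace the rejected value than drop both calls: `res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);` with the existing error handling, 2 being the value that requires the certificate name to match the host. If relying on the defaults is preferred, a comment above the CA block such as `/* Peer and host verification are left at libcurl's defaults (both enabled); do not disable them here. */` would record the intent for later maintainers. am_httpclient_init_curl starts and ends outside the hunk, so I cannot see whether other options set on the handle affect verification.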