Diffstat (limited to 'lib/url.c')
-rw-r--r-- | lib/url.c | 22 |
1 files changed, 19 insertions, 3 deletions
@@ -1004,10 +1004,11 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...) break; case CURLOPT_CAPATH: /* - * Set CA path info for SSL connection. Specify directory name of the CA certificates - * which have been prepared using openssl c_rehash utility. + * Set CA path info for SSL connection. Specify directory name of the CA + * certificates which have been prepared using openssl c_rehash utility. */ - data->set.ssl.CApath = va_arg(param, char *); /*This does not work on windows.*/ + /* This does not work on windows. */ + data->set.ssl.CApath = va_arg(param, char *); break; case CURLOPT_TELNETOPTIONS: /* @@ -1048,6 +1049,10 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...) } break; + case CURLOPT_SSL_INSECURE: + data->set.ssl.allow_insecure = va_arg(param, long)?TRUE:FALSE; + break; + default: /* unknown tag and its companion, just ignore: */ return CURLE_FAILED_INIT; /* correct this */ @@ -2035,6 +2040,17 @@ static CURLcode CreateConnection(struct SessionHandle *data, return CURLE_UNSUPPORTED_PROTOCOL; } + if(conn->protocol & PROT_SSL) { + /* If SSL is requested, require security level info */ + + if(!data->set.ssl.allow_insecure && + !(data->set.ssl.CAfile || data->set.ssl.CApath)) { + failf(data, "Insecure SSL connect attempted without explicit permission granted"); + return CURLE_SSL_INSECURE; + } + } + + /************************************************************* * Figure out the remote port number * |
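Review bot: The new `CURLOPT_SSL_INSECURE` case in the second hunk has no explanatory comment, unlike neighbouring cases such as `CURLOPT_CAPATH`, even though it is the switch that relaxes a security requirement. I would add above the assignment: `/* Non-zero permits SSL connections when neither a CA file nor a CA path has been set. */`. Any non-zero `long` enables it, so the comment should say that this is an explicit opt-out which callers should leave at its default unless they accept an unverified peer. The body of `Curl_setopt` continues outside the hunk.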
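Review bot: The guard added to `CreateConnection` in the third hunk only tests that `CAfile` or `CApath` is a non-NULL pointer. An empty string satisfies it without any usable CA data, and so does a `CApath` on Windows, where the comment in the first hunk says the option does not work. Checking for a non-empty value, e.g. `(data->set.ssl.CAfile && *data->set.ssl.CAfile)`, would close the first gap. The hunk also does not show that peer verification is actually enabled; if that is controlled separately (presumably via `CURLOPT_SSL_VERIFYPEER`), the condition should take that setting into account, otherwise a CA file can be set and never consulted. `CreateConnection` starts and ends outside the hunk.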