1 files changed, 14 insertions, 17 deletions

diff --git a/lib/url.c b/lib/url.c
index c9aa3042a..f8d647491 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -111,6 +111,7 @@
 #include "ldap.h"
 #include "url.h"
 #include "connect.h"
+#include "ca-bundle.h"
 
 #include <curl/types.h>
 
@@ -293,12 +294,23 @@ CURLcode Curl_open(struct SessionHandle **curl)
     free(data);
     return CURLE_OUT_OF_MEMORY;
   }
-  
+
+  /*
+   * libcurl 7.10 introduces SSL verification *by default*! This needs to be
+   * switched off unless wanted.
+   */
+  data->set.ssl.verifypeer = TRUE;
+  data->set.ssl.verifyhost = 2;
+#ifdef CURL_CA_BUNDLE
+  /* This is our prefered CA cert bundle since install time */
+  data->set.ssl.CAfile = CURL_CA_BUNDLE;
+#endif
+
+
   memset(data->state.connects, 0,
          sizeof(struct connectdata *)*data->state.numconnects);
 
   *curl = data;
-
   return CURLE_OK;
 }
 
@@ -1051,10 +1063,6 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...)
     }
     break;
 
-  case CURLOPT_SSL_INSECURE:
-    data->set.ssl.allow_insecure = va_arg(param, long)?TRUE:FALSE;
-    break;
-
   case CURLOPT_PROXYTYPE:
     /*
      * Set proxy type. HTTP/SOCKS4/SOCKS5
@@ -2247,17 +2255,6 @@ static CURLcode CreateConnection(struct SessionHandle *data,
     return CURLE_UNSUPPORTED_PROTOCOL;
   }
 
-  if(conn->protocol & PROT_SSL) {
-    /* If SSL is requested, require security level info */
-
-    if(!data->set.ssl.allow_insecure &&
-       !(data->set.ssl.CAfile || data->set.ssl.CApath)) {
-      failf(data, "Insecure SSL connect attempted without explicit permission granted");
-      return CURLE_SSL_INSECURE;
-    }
-  }
-
-
   /*************************************************************
    * Figure out the remote port number
    *