From 0e0caf7c063c282fb35b8ab87fde1d38fe32d489 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 30 Aug 2002 11:09:49 +0000
Subject: CURLE_SSL_INSECURE is removed again and so is CURLOPT_SSL_INSECURE,
 we proceed fine with the already existing options, just having a different
 internal library default for capath.

---
 src/main.c | 41 +++++++++++++----------------------------
 1 file changed, 13 insertions(+), 28 deletions(-)

(limited to 'src/main.c')

diff --git a/src/main.c b/src/main.c
index e12bdc4b8..fa2b43f38 100644
--- a/src/main.c
+++ b/src/main.c
@@ -2721,13 +2721,21 @@ operate(struct Configurable *config, int argc, char *argv[])
       curl_easy_setopt(curl, CURLOPT_SSLKEYPASSWD, config->key_passwd);
 
       if(config->cacert || config->capath) {
-        if (config->cacert) curl_easy_setopt(curl, CURLOPT_CAINFO, config->cacert);
-        if (config->capath) curl_easy_setopt(curl, CURLOPT_CAPATH, config->capath);
+        if (config->cacert)
+          curl_easy_setopt(curl, CURLOPT_CAINFO, config->cacert);
+
+        if (config->capath)
+          curl_easy_setopt(curl, CURLOPT_CAPATH, config->capath);
         curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, TRUE);
         curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2);
       }
-      else
+      else {
+        if(config->insecure_ok)
+          /* new stuff needed for libcurl 7.10 */
+          curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
+
         curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1);
+      }
       
       if((config->conf&CONF_NOBODY) ||
          config->remote_time) {
@@ -2798,9 +2806,6 @@ operate(struct Configurable *config, int argc, char *argv[])
       }
       curl_easy_setopt(curl, CURLOPT_VERBOSE, config->conf&CONF_VERBOSE);
 
-      /* new in curl 7.10 */
-      curl_easy_setopt(curl, CURLOPT_SSL_INSECURE, config->insecure_ok);
-      
       res = curl_easy_perform(curl);
         
       if((config->progressmode == CURL_PROGRESS_BAR) &&
@@ -2823,28 +2828,8 @@ operate(struct Configurable *config, int argc, char *argv[])
         vms_show = VMSSTS_HIDE;
       }
 #else
-      if((res!=CURLE_OK) && config->showerror) {
-        switch(res) {
-        case CURLE_SSL_INSECURE:
-          /* Since this breaks how curl used to work, we need a slightly more
-             verbose and descriptive error here to educate people what is
-             happening and what to do to make it work. At least for a
-             while. */
-          fprintf(config->errors, "curl: (%d) %s\n%s", res,
-                  errorbuffer,
-                  "      Since SSL doesn't offer any true security if you don't use a CA\n"
-                  "      certificate to verify the peer certificate with, you must either\n"
-                  "      provide one to make sure that the server really is the server you\n"
-                  "      think it is, or you must explicitly tell curl that insecure SSL\n"
-                  "      connects are fine.\n"
-                  "      Allow insecure SSL operations with -k/--insecure\n"
-                  );
-          break;
-        default:
-          fprintf(config->errors, "curl: (%d) %s\n", res, errorbuffer);
-          break;
-        }
-      }
+      if((res!=CURLE_OK) && config->showerror)
+        fprintf(config->errors, "curl: (%d) %s\n", res, errorbuffer);
 #endif
 
       if (outfile && !strequal(outfile, "-") && outs.stream)
-- 
cgit v1.2.3