From f2c60574908106c559e9fd2fea7115e024af0171 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 30 Jan 2003 05:15:57 +0000
Subject: [PATCH] curl now uses stricter VERIFYHOST by default and only uses a
 lesser check if --insecure is used. Reported by Hamish Mackenzie.

---
 src/main.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/main.c b/src/main.c
index efc43f86ea..b416e55c1d 100644
--- a/src/main.c
+++ b/src/main.c
@@ -2828,6 +2828,8 @@ operate(struct Configurable *config, int argc, char *argv[])
       curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, config->key_type);
       curl_easy_setopt(curl, CURLOPT_SSLKEYPASSWD, config->key_passwd);
 
+      /* default to strict verifyhost */
+      curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2);
       if(config->cacert || config->capath) {
         if (config->cacert)
           curl_easy_setopt(curl, CURLOPT_CAINFO, config->cacert);
@@ -2835,15 +2837,13 @@ operate(struct Configurable *config, int argc, char *argv[])
         if (config->capath)
           curl_easy_setopt(curl, CURLOPT_CAPATH, config->capath);
         curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, TRUE);
-        curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2);
       }
-      else {
-        if(config->insecure_ok)
+      else
+        if(config->insecure_ok) {
           /* new stuff needed for libcurl 7.10 */
           curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
-
-        curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1);
-      }
+          curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1);
+        }
       
       if((config->conf&CONF_NOBODY) ||
          config->remote_time) {
-- 
GitLab