summaryrefslogtreecommitdiff
path: root/src/check_curl.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/check_curl.c')
-rw-r--r--src/check_curl.c19
1 files changed, 10 insertions, 9 deletions
diff --git a/src/check_curl.c b/src/check_curl.c
index cfef2cf..774e9ec 100644
--- a/src/check_curl.c
+++ b/src/check_curl.c
@@ -161,21 +161,22 @@ int main( int argc, char *argv[] ) {
}
/* --cacert: CA certificate file to verify SSL connection against (SSL) */
- curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 2 );
if( args_info.cacert_given ) {
curl_easy_setopt( curl, CURLOPT_CAINFO, args_info.cacert_arg );
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1 );
+ /* per default if we have a CA verify both the peer and the
+ * hostname in the certificate, can be switched off later */
+ curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 2 );
+ curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 2 );
}
- /* --insecure: choose level of CA chain validation (SSL) */
- if( args_info.insecure_given ) {
- curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, 0 );
+ /* --no-verify-peer: choose level of CA chain validation (SSL) */
+ if( args_info.no_verify_peer_given ) {
+ curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, 1 );
+ }
- /* --verify-host: make it an additional option, not as in curl! (SSL) */
+ /* --no-verify-host: make it an additional option, not as in curl! (SSL) */
+ if( args_info.no_verify_host_given ) {
curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 1 );
- if( args_info.verify_host_given ) {
- curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 2 );
- }
}
/* --cert: client certificate to present to server (SSL) */
generated by cgit v1.2.3-54-g00ecf (git 2.44.0) at 2024-05-04 08:48:20 +0000