From 7ea8113c2f8172a3d9a87b45322122bfa7737de8 Mon Sep 17 00:00:00 2001
From: Artak Galoyan <agaloyan@vmware.com>
Date: Thu, 5 Oct 2017 15:43:13 -0400
Subject: [PATCH] ssl: Update the current connection SSL params in
 curl_easy_setopt().

Now VERIFYHOST and VERIFYPEER options change during active connection
updates the current connection's (i.e.'connectdata' structure)
appropriate ssl_config (and ssl_proxy_config) structures variables,
making these options effective for ongoing connection.

This functionality was available before and was broken by the
following change:
"proxy: Support HTTPS proxy and SOCKS+HTTP(s)"
CommitId: cb4e2be7c6d42ca0780f8e0a747cecf9ba45f151.

bug: https://github.com/curl/curl/issues/1941
---
 lib/url.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/lib/url.c b/lib/url.c
index 584635bc3fd489..d77acf4f5fbd5b 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2142,6 +2142,11 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option,
      */
     data->set.ssl.primary.verifypeer = (0 != va_arg(param, long)) ?
                                        TRUE : FALSE;
+    /* Sync the current connection ssl_config. */
+    if(data->easy_conn) {
+      data->easy_conn->ssl_config.verifypeer =
+        data->set.ssl.primary.verifypeer;
+    }
     break;
   case CURLOPT_PROXY_SSL_VERIFYPEER:
     /*
@@ -2149,6 +2154,11 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option,
      */
     data->set.proxy_ssl.primary.verifypeer =
       (0 != va_arg(param, long))?TRUE:FALSE;
+    /* Sync the current connection proxy_ssl_config. */
+    if(data->easy_conn) {
+      data->easy_conn->proxy_ssl_config.verifypeer =
+        data->set.proxy_ssl.primary.verifypeer;
+    }
     break;
   case CURLOPT_SSL_VERIFYHOST:
     /*
@@ -2167,6 +2177,11 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option,
     }
 
     data->set.ssl.primary.verifyhost = (0 != arg) ? TRUE : FALSE;
+    /* Sync the current connection ssl_config. */
+    if(data->easy_conn) {
+      data->easy_conn->ssl_config.verifyhost =
+        data->set.ssl.primary.verifyhost;
+    }
     break;
   case CURLOPT_PROXY_SSL_VERIFYHOST:
     /*
@@ -2185,6 +2200,11 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option,
     }
 
     data->set.proxy_ssl.primary.verifyhost = (0 != arg)?TRUE:FALSE;
+    /* Sync the current connection proxy_ssl_config. */
+    if(data->easy_conn) {
+      data->easy_conn->proxy_ssl_config.verifyhost =
+        data->set.proxy_ssl.primary.verifyhost;
+    }
     break;
   case CURLOPT_SSL_VERIFYSTATUS:
     /*