Backward compatibility issue with CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST options. #1941
Starting from "proxy: Support HTTPS proxy and SOCKS+HTTP(s)" (cb4e2be) change it is not possible anymore to change
Because the SSL configuration options were moved to the connectdata structure, which is created at the connecting phase, they are no longer affected by the curl_easy_setopt function for the current connection.
The old behavior was very helpful in the following two use cases:
In both cases both options (CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST) are set to TRUE before connection initialization.
We have been using libcurl and openssl 1.0.1/1.0.2 for almost 4 years in our projects and this is the first time we got stuck on an update.
I suggest updating data->easy_conn->ssl_config fields in curl_easy_setopt functions along with data->set.ssl.primary, i.e.
in url.c: ~2137 for case CURLOPT_SSL_VERIFYPEER: after the following lines:
update the appropriate SSL variables of the current connection:
... similar code needs to be applied for the CURLOPT_PROXY_SSL_VERIFYPEER, CURLOPT_SSL_VERIFYHOST and CURLOPT_PROXY_SSL_VERIFYHOST cases.
win32, lin32 and lin64.
Thank you for this detailed report.
I'm inclined to agree with you that this is a regression and not quite intended. I certainly did not consider this properly when I reviewed and accepted that patch set.
Are you able and interested in providing a PR for this? Since you seem to have a decent way to test/reproduce it and all.
referenced this issue
Oct 5, 2017
I see no problems? The CI builds/tests are still ongoing so they're yellow circles. They should end up green checkmarks when everything is fine, or red crosses if some builds fail. Let's monitor what happens and see what to do. The CI tests can take a few hours to complete.