From: Orgad Shaneh <orgad.shaneh@audiocodes.com>
Date: Sun, 19 May 2024 08:58:44 +0000 (+0300)
Subject: tool_operate: avoid explicitly setting verifypeer to 1
X-Git-Tag: curl-8_9_0~391
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=96a4cad46ac1e75221784e7d2b31f4445209e598;p=thirdparty%2Fcurl.git

tool_operate: avoid explicitly setting verifypeer to 1

Also for the proxy verison. It is the default, just like verifyhost,
since a long time.

Closes #13704
---

diff --git a/src/tool_operate.c b/src/tool_operate.c
index d81d59f280..535712d123 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -1731,15 +1731,12 @@ static CURLcode single_transfer(struct GlobalConfig *global,
           my_setopt_str(curl, CURLOPT_SSLKEYTYPE, config->key_type);
           my_setopt_str(curl, CURLOPT_PROXY_SSLKEYTYPE,
                         config->proxy_key_type);
+
+          /* libcurl default is strict verifyhost -> 1L, verifypeer -> 1L */
           if(config->insecure_ok) {
             my_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
             my_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
           }
-          else {
-            my_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
-            /* libcurl default is strict verifyhost -> 2L   */
-            /* my_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L); */
-          }
 
           if(config->doh_insecure_ok) {
             my_setopt(curl, CURLOPT_DOH_SSL_VERIFYPEER, 0L);
@@ -1750,9 +1747,6 @@ static CURLcode single_transfer(struct GlobalConfig *global,
             my_setopt(curl, CURLOPT_PROXY_SSL_VERIFYPEER, 0L);
             my_setopt(curl, CURLOPT_PROXY_SSL_VERIFYHOST, 0L);
           }
-          else {
-            my_setopt(curl, CURLOPT_PROXY_SSL_VERIFYPEER, 1L);
-          }
 
           if(config->verifystatus)
             my_setopt(curl, CURLOPT_SSL_VERIFYSTATUS, 1L);