xiaozhuai
commented
2 years ago @hippymulehead Thanks for your report. Please submit a pr and I'll merge it. Have a good day!
Open hippymulehead opened 2 years ago
xiaozhuai
commented
2 years ago @hippymulehead Thanks for your report. Please submit a pr and I'll merge it. Have a good day!
In Request.h the following code only verifies the peer if you have a Cacert in your code....
if(m_VerifySSL && !m_Cacert.empty()){ SET_CURL_OPT(CURLOPT_SSL_VERIFYPEER, 1); SET_CURL_OPT(CURLOPT_SSL_VERIFYHOST, 1); SET_CURL_OPT(CURLOPT_CAINFO, m_Cacert.c_str()); }else{ SET_CURL_OPT(CURLOPT_SSL_VERIFYPEER, 0); SET_CURL_OPT(CURLOPT_SSL_VERIFYHOST, 0); }
You can fix this by changing to this... This allows you to verify the remote cert is valid when VerifySSL is true or you can bypass the verify if the server has a self signed cert with VerifySSL = false;
if (m_VerifySSL && !m_Cacert.empty()) { SET_CURL_OPT(CURLOPT_SSL_VERIFYPEER, 1); SET_CURL_OPT(CURLOPT_SSL_VERIFYHOST, 1); SET_CURL_OPT(CURLOPT_CAINFO, m_Cacert.c_str()); } else { if (m_VerifySSL) { SET_CURL_OPT(CURLOPT_SSL_VERIFYPEER, 1); SET_CURL_OPT(CURLOPT_SSL_VERIFYHOST, 1); } else { SET_CURL_OPT(CURLOPT_SSL_VERIFYPEER, 0); SET_CURL_OPT(CURLOPT_SSL_VERIFYHOST, 0); } }