From: Michael Andres <ma@suse.de>
Date: Thu, 12 Nov 2009 11:14:11 +0000 (+0100)
Subject: Following redirections also for https (bnc #465532, bnc #545722)
X-Git-Tag: 6.22.1~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=46efe9593b7d88d3da2a4d7c6a72542752603bbb;p=platform%2Fupstream%2Flibzypp.git

Following redirections also for https (bnc #465532, bnc #545722)
---

diff --git a/zypp/media/MediaCurl.cc b/zypp/media/MediaCurl.cc
index ee6e211..02152e5 100644
--- a/zypp/media/MediaCurl.cc
+++ b/zypp/media/MediaCurl.cc
@@ -527,17 +527,17 @@ void MediaCurl::attachTo (bool next)
   */
   SET_OPTION(CURLOPT_CONNECTTIMEOUT, _settings.connectTimeout());
 
-  if ( _url.getScheme() == "http" )
-  {
-    // follow any Location: header that the server sends as part of
-    // an HTTP header (#113275)
-    SET_OPTION(CURLOPT_FOLLOWLOCATION, true);
-    SET_OPTION(CURLOPT_MAXREDIRS, 3L);
-    SET_OPTION(CURLOPT_USERAGENT, _settings.userAgentString().c_str() );
-  }
+  // follow any Location: header that the server sends as part of
+  // an HTTP header (#113275)
+  SET_OPTION(CURLOPT_FOLLOWLOCATION, true);
+  // 3 redirects seem to be too few in some cases (bnc #465532)
+  SET_OPTION(CURLOPT_MAXREDIRS, 6L);
 
   if ( _url.getScheme() == "https" )
   {
+    // restrict following of redirections from https to https only
+    SET_OPTION( CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS );
+
     if( _settings.verifyPeerEnabled() ||
         _settings.verifyHostEnabled() )
     {
@@ -546,9 +546,10 @@ void MediaCurl::attachTo (bool next)
 
     SET_OPTION(CURLOPT_SSL_VERIFYPEER, _settings.verifyPeerEnabled() ? 1L : 0L);
     SET_OPTION(CURLOPT_SSL_VERIFYHOST, _settings.verifyHostEnabled() ? 2L : 0L);
-    SET_OPTION(CURLOPT_USERAGENT, _settings.userAgentString().c_str() );
   }
 
+  SET_OPTION(CURLOPT_USERAGENT, _settings.userAgentString().c_str() );
+
   /*---------------------------------------------------------------*
    CURLOPT_USERPWD: [user name]:[password]