From 56e9a5d2c7cbc7128c48a5667aa6bb299c8e0ebb Mon Sep 17 00:00:00 2001
From: Jiri Srain <jsrain@suse.cz>
Date: Mon, 2 Jan 2006 12:00:31 +0000
Subject: [PATCH] fixed HTTPS certificate handling

---
 zypp/media/MediaCurl.cc | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/zypp/media/MediaCurl.cc b/zypp/media/MediaCurl.cc
index aa2f1d4..5a3f0e4 100644
--- a/zypp/media/MediaCurl.cc
+++ b/zypp/media/MediaCurl.cc
@@ -132,16 +132,16 @@ void MediaCurl::attachTo (bool next)
     }
   }
 
-  // XXX: wasn't that the wrong fix for some problem? this should be
-  // removed
   if ( _url.getScheme() == "https" ) {
-    WAR << "Disable certificate verification for https." << endl;
-    ret = curl_easy_setopt( _curl, CURLOPT_SSL_VERIFYPEER, 0 );
+    ret = curl_easy_setopt( _curl, CURLOPT_SSL_VERIFYPEER, 1 );
     if ( ret != 0 ) {
       ZYPP_THROW(MediaCurlSetOptException(_url, _curlError));
     }
-
-    ret = curl_easy_setopt( _curl, CURLOPT_SSL_VERIFYHOST, 0 );
+    ret = curl_easy_setopt( _curl, CURLOPT_CAPATH, "/etc/ssl/certs/" );
+    if ( ret != 0 ) {
+      ZYPP_THROW(MediaCurlSetOptException(_url, _curlError));
+    }
+    ret = curl_easy_setopt( _curl, CURLOPT_SSL_VERIFYHOST, 2 );
     if ( ret != 0 ) {
       ZYPP_THROW(MediaCurlSetOptException(_url, _curlError));
     }
-- 
2.7.4