From 5505df7d24a2c251c7ed81a389781abca0cc5b25 Mon Sep 17 00:00:00 2001
From: Artak Galoyan <agaloyan@vmware.com>
Date: Thu, 5 Oct 2017 15:43:13 -0400
Subject: url: Update current connection SSL verify params in setopt

Now VERIFYHOST, VERIFYPEER and VERIFYSTATUS options change during active
connection updates the current connection's (i.e.'connectdata'
structure) appropriate ssl_config (and ssl_proxy_config) structures
variables, making these options effective for ongoing connection.

This functionality was available before and was broken by the
following change:
"proxy: Support HTTPS proxy and SOCKS+HTTP(s)"
CommitId: cb4e2be7c6d42ca0780f8e0a747cecf9ba45f151.

Bug: https://github.com/curl/curl/issues/1941

Closes https://github.com/curl/curl/pull/1951
---
 lib/url.c | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/lib/url.c b/lib/url.c
index 3b66ae33b..8eba5fd00 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2141,6 +2141,12 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option,
      */
     data->set.ssl.primary.verifypeer = (0 != va_arg(param, long)) ?
                                        TRUE : FALSE;
+
+    /* Update the current connection ssl_config. */
+    if(data->easy_conn) {
+      data->easy_conn->ssl_config.verifypeer =
+        data->set.ssl.primary.verifypeer;
+    }
     break;
   case CURLOPT_PROXY_SSL_VERIFYPEER:
     /*
@@ -2148,6 +2154,12 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option,
      */
     data->set.proxy_ssl.primary.verifypeer =
       (0 != va_arg(param, long))?TRUE:FALSE;
+
+    /* Update the current connection proxy_ssl_config. */
+    if(data->easy_conn) {
+      data->easy_conn->proxy_ssl_config.verifypeer =
+        data->set.proxy_ssl.primary.verifypeer;
+    }
     break;
   case CURLOPT_SSL_VERIFYHOST:
     /*
@@ -2166,6 +2178,12 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option,
     }
 
     data->set.ssl.primary.verifyhost = (0 != arg) ? TRUE : FALSE;
+
+    /* Update the current connection ssl_config. */
+    if(data->easy_conn) {
+      data->easy_conn->ssl_config.verifyhost =
+        data->set.ssl.primary.verifyhost;
+    }
     break;
   case CURLOPT_PROXY_SSL_VERIFYHOST:
     /*
@@ -2184,6 +2202,12 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option,
     }
 
     data->set.proxy_ssl.primary.verifyhost = (0 != arg)?TRUE:FALSE;
+
+    /* Update the current connection proxy_ssl_config. */
+    if(data->easy_conn) {
+      data->easy_conn->proxy_ssl_config.verifyhost =
+        data->set.proxy_ssl.primary.verifyhost;
+    }
     break;
   case CURLOPT_SSL_VERIFYSTATUS:
     /*
@@ -2196,6 +2220,12 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option,
 
     data->set.ssl.primary.verifystatus = (0 != va_arg(param, long)) ?
                                          TRUE : FALSE;
+
+    /* Update the current connection ssl_config. */
+    if(data->easy_conn) {
+      data->easy_conn->ssl_config.verifystatus =
+        data->set.ssl.primary.verifystatus;
+    }
     break;
   case CURLOPT_SSL_CTX_FUNCTION:
     /*
-- 
cgit v1.2.1