From b11ef7fee400f881292d0fde490632b7ad22dffc Mon Sep 17 00:00:00 2001 From: Robin Gareus Date: Tue, 9 Dec 2025 23:05:29 +0100 Subject: [PATCH] Fix curl 421 errors when disabling verify peer ``` == Info: WARNING: disabling hostname validation also disables SNI. ``` which leads to a "431 Misdirected Request" reply for servers with shared hosting. --- gtk2_ardour/pingback.cc | 3 --- libs/ardour/soundcloud_upload.cc | 3 --- libs/pbd/ccurl.cc | 4 ++++ 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/gtk2_ardour/pingback.cc b/gtk2_ardour/pingback.cc index e0a499de3a..d320b1282e 100644 --- a/gtk2_ardour/pingback.cc +++ b/gtk2_ardour/pingback.cc @@ -103,9 +103,6 @@ _pingback (void *arg) #ifdef MIXBUS curl_easy_setopt (h.curl (), CURLOPT_FOLLOWLOCATION, 1); - /* do not check cert */ - curl_easy_setopt (h.curl (), CURLOPT_SSL_VERIFYPEER, 0); - curl_easy_setopt (h.curl (), CURLOPT_SSL_VERIFYHOST, 0); #endif ping_call* cm = static_cast (arg); diff --git a/libs/ardour/soundcloud_upload.cc b/libs/ardour/soundcloud_upload.cc index 5f758c20dd..86760b5bfa 100644 --- a/libs/ardour/soundcloud_upload.cc +++ b/libs/ardour/soundcloud_upload.cc @@ -348,8 +348,5 @@ SoundcloudUploader::setcUrlOptions() // Allow connections to time out (without using signals) curl_easy_setopt(curl_handle, CURLOPT_NOSIGNAL, 1); curl_easy_setopt(curl_handle, CURLOPT_CONNECTTIMEOUT, 30); - - curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYHOST, 0); - curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, 0); } diff --git a/libs/pbd/ccurl.cc b/libs/pbd/ccurl.cc index 7c551357f0..a49e21faa5 100644 --- a/libs/pbd/ccurl.cc +++ b/libs/pbd/ccurl.cc @@ -96,6 +96,10 @@ CCurl::curl () const void CCurl::ca_setopt (CURL* c) { +#if defined PLATFORM_WINDOWS || defined __APPLE__ + /* winSSL and DarwinSSL does not need this, use defaults w/VERIFYHOST */ + return; +#endif if (ca_info) { curl_easy_setopt (c, CURLOPT_CAINFO, ca_info); }