From 0f280d2adc9a4fccef532dcb810398238366617b Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Mon, 26 Jul 2010 17:35:39 -0400
Subject: Disable SSL peer verification in cURL. Also, explicitly set
 FOLLOWLOCATION to make sure that we can redirect properly. Both of these are
 needed to fix snort rule downloads.

---
 etc/inc/pfsense-utils.inc | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'etc/inc/pfsense-utils.inc')

diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 3d12fa9..14a2579 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -1542,6 +1542,9 @@ function download_file_with_progress_bar($url_file, $destination_file, $readbody
         $ch = curl_init();
         curl_setopt($ch, CURLOPT_URL, $url_file);
         curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');
+        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+        /* Don't verify SSL peers since we don't have the certificates to do so. */
+        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
         curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody);
         curl_setopt($ch, CURLOPT_NOPROGRESS, '1');
         curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '5');
-- 
cgit v1.1