--- a/components/curl/patches/010-CVE-2013-4545.patch Tue Oct 14 13:47:57 2014 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,21 +0,0 @@
-CVE-2013-4545: Setting only CURLOPT_SSL_VERIFYHOST without
-CURLOPT_SSL_VERIFYPEER set should still verify that the host
-name fields in the server certificate is fine or return failure.
-
-Bug: http://curl.haxx.se/mail/lib-2013-10/0002.html
-Reported-by: Ishan SinghLevett
-
-Relevant upstream patch at:
-https://github.com/bagder/curl/commit/3c3622b6
-
---- lib/ssluse.c.orig 2013-11-14 15:22:45.714764527 -0800
-+++ lib/ssluse.c 2013-11-14 15:25:10.416516780 -0800
-@@ -2471,7 +2471,7 @@
- * operations.
- */
-
-- if(!data->set.ssl.verifypeer)
-+ if(!data->set.ssl.verifypeer && !data->set.ssl.verifyhost)
- (void)servercert(conn, connssl, FALSE);
- else
- retcode = servercert(conn, connssl, TRUE);