disable https->http redirects in libcurl

[apt.git] / methods / https.cc

diff --git a/methods/https.cc b/methods/https.cc
index d97fddf9ef92b9279c516feb49be378a9e94cf54..9422df2f0d506741aa254f6c85bebc15efebfb39 100644 (file)
--- a/methods/https.cc
+++ b/methods/https.cc
@@ -185,8 +185,11 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
    curl_easy_setopt(curl, CURLOPT_WRITEDATA, this);
    curl_easy_setopt(curl, CURLOPT_PROGRESSFUNCTION, progress_callback);
    curl_easy_setopt(curl, CURLOPT_PROGRESSDATA, this);
+   // options
    curl_easy_setopt(curl, CURLOPT_NOPROGRESS, false);
    curl_easy_setopt(curl, CURLOPT_FILETIME, true);
+   // only allow redirects to https
+   curl_easy_setopt(curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS);
 
    // SSL parameters are set by default to the common (non mirror-specific) value
    // if available (or a default one) and gets overload by mirror-specific ones.