diff --git a/NEWS b/NEWS
index 29bbcb73d..5249be7f8 100644
--- a/NEWS
+++ b/NEWS
@@ -23,6 +23,7 @@ ver 0.19 (not yet released)
- read tags from songs in an archive
* input
- alsa: new input plugin
+ - curl: options "verify_peer" and "verify_host"
- mms: non-blocking I/O
- nfs: new input plugin
- smbclient: new input plugin
diff --git a/doc/user.xml b/doc/user.xml
index 942a56a88..1b399c2f4 100644
--- a/doc/user.xml
+++ b/doc/user.xml
@@ -1106,6 +1106,30 @@ systemctl start mpd.socket
Configures proxy authentication.
+
+
+
+ verify_peer
+ yes|no
+
+
+ Verify the peer's SSL certificate? More
+ information.
+
+
+
+
+
+ verify_host
+ yes|no
+
+
+ Verify the certificate's name against host? More
+ information.
+
+
diff --git a/src/input/plugins/CurlInputPlugin.cxx b/src/input/plugins/CurlInputPlugin.cxx
index 46961d08f..4d7671cc2 100644
--- a/src/input/plugins/CurlInputPlugin.cxx
+++ b/src/input/plugins/CurlInputPlugin.cxx
@@ -245,6 +245,8 @@ static struct curl_slist *http_200_aliases;
static const char *proxy, *proxy_user, *proxy_password;
static unsigned proxy_port;
+static bool verify_peer, verify_host;
+
static CurlMulti *curl_multi;
static constexpr Domain http_domain("http");
@@ -562,6 +564,9 @@ input_curl_init(const config_param ¶m, Error &error)
"");
}
+ verify_peer = param.GetBlockValue("verify_peer", true);
+ verify_host = param.GetBlockValue("verify_host", true);
+
CURLM *multi = curl_multi_init();
if (multi == nullptr) {
curl_slist_free_all(http_200_aliases);
@@ -740,6 +745,9 @@ CurlInputStream::InitEasy(Error &error)
curl_easy_setopt(easy, CURLOPT_PROXYUSERPWD, proxy_auth_str);
}
+ curl_easy_setopt(easy, CURLOPT_SSL_VERIFYPEER, verify_peer ? 1l : 0l);
+ curl_easy_setopt(easy, CURLOPT_SSL_VERIFYHOST, verify_host ? 2l : 0l);
+
CURLcode code = curl_easy_setopt(easy, CURLOPT_URL, GetURI());
if (code != CURLE_OK) {
error.Format(curl_domain, code,