From 74396448dfd7d975b77e6bff36680757ee56ddb2 Mon Sep 17 00:00:00 2001
From: Max Kellermann <max@musicpd.org>
Date: Thu, 21 Jan 2021 14:53:38 +0100
Subject: [PATCH] input/curl: disable verify_peer on Android by default

I havn't yet figured out how to use Android's system CA certificates
with CURL/OpenSSL, so a temporary workaround is to disable verify_peer
by default.  The data MPD transfers isn't extremely important, so the
servers's authenticity isn't extremely important either.
---
 src/input/plugins/CurlInputPlugin.cxx | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/input/plugins/CurlInputPlugin.cxx b/src/input/plugins/CurlInputPlugin.cxx
index 151b9ab96..fb6e7a892 100644
--- a/src/input/plugins/CurlInputPlugin.cxx
+++ b/src/input/plugins/CurlInputPlugin.cxx
@@ -369,8 +369,15 @@ input_curl_init(EventLoop &event_loop, const ConfigBlock &block)
 	proxy_user = block.GetBlockValue("proxy_user");
 	proxy_password = block.GetBlockValue("proxy_password");
 
-	verify_peer = block.GetBlockValue("verify_peer", true);
-	verify_host = block.GetBlockValue("verify_host", true);
+#ifdef ANDROID
+	// TODO: figure out how to use Android's CA certificates and re-enable verify
+	constexpr bool default_verify = false;
+#else
+	constexpr bool default_verify = true;
+#endif
+
+	verify_peer = block.GetBlockValue("verify_peer", default_verify);
+	verify_host = block.GetBlockValue("verify_host", default_verify);
 }
 
 static void