3 files changed, 33 insertions, 0 deletions

diff --git a/NEWS b/NEWS
index 29bbcb73d..5249be7f8 100644
--- a/NEWS
+++ b/NEWS
@@ -23,6 +23,7 @@ ver 0.19 (not yet released)
   - read tags from songs in an archive
 * input
   - alsa: new input plugin
+  - curl: options "verify_peer" and "verify_host"
   - mms: non-blocking I/O
   - nfs: new input plugin
   - smbclient: new input plugin
diff --git a/doc/user.xml b/doc/user.xml
index 942a56a88..1b399c2f4 100644
--- a/doc/user.xml
+++ b/doc/user.xml
@@ -1106,6 +1106,30 @@ systemctl start mpd.socket</programlisting>
                   Configures proxy authentication.
                 </entry>
               </row>
+
+              <row>
+                <entry>
+                  <varname>verify_peer</varname>
+                  <parameter>yes|no</parameter>
+                </entry>
+                <entry>
+                  Verify the peer's SSL certificate?  <ulink
+                  url="http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html">More
+                  information</ulink>.
+                </entry>
+              </row>
+
+              <row>
+                <entry>
+                  <varname>verify_host</varname>
+                  <parameter>yes|no</parameter>
+                </entry>
+                <entry>
+                  Verify the certificate's name against host?  <ulink
+                  url="http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html">More
+                  information</ulink>.
+                </entry>
+              </row>
             </tbody>
           </tgroup>
         </informaltable>
diff --git a/src/input/plugins/CurlInputPlugin.cxx b/src/input/plugins/CurlInputPlugin.cxx
index 46961d08f..4d7671cc2 100644
--- a/src/input/plugins/CurlInputPlugin.cxx
+++ b/src/input/plugins/CurlInputPlugin.cxx
@@ -245,6 +245,8 @@ static struct curl_slist *http_200_aliases;
 static const char *proxy, *proxy_user, *proxy_password;
 static unsigned proxy_port;
 
+static bool verify_peer, verify_host;
+
 static CurlMulti *curl_multi;
 
 static constexpr Domain http_domain("http");
@@ -562,6 +564,9 @@ input_curl_init(const config_param &param, Error &error)
 						   "");
 	}
 
+	verify_peer = param.GetBlockValue("verify_peer", true);
+	verify_host = param.GetBlockValue("verify_host", true);
+
 	CURLM *multi = curl_multi_init();
 	if (multi == nullptr) {
 		curl_slist_free_all(http_200_aliases);
@@ -740,6 +745,9 @@ CurlInputStream::InitEasy(Error &error)
 		curl_easy_setopt(easy, CURLOPT_PROXYUSERPWD, proxy_auth_str);
 	}
 
+	curl_easy_setopt(easy, CURLOPT_SSL_VERIFYPEER, verify_peer ? 1l : 0l);
+	curl_easy_setopt(easy, CURLOPT_SSL_VERIFYHOST, verify_host ? 2l : 0l);
+
 	CURLcode code = curl_easy_setopt(easy, CURLOPT_URL, GetURI());
 	if (code != CURLE_OK) {
 		error.Format(curl_domain, code,