improve curl backwards compatibility, de-duplicate code

1 files changed, 2 insertions, 21 deletions

diff --git a/src/lib/merchant_api_curl_defaults.c b/src/lib/merchant_api_curl_defaults.c
index d565e5dd..710b3830 100644
--- a/src/lib/merchant_api_curl_defaults.c
+++ b/src/lib/merchant_api_curl_defaults.c
@@ -38,33 +38,14 @@ TALER_MERCHANT_curl_easy_get_ (const char *url)
                  curl_easy_setopt (eh,
                                    CURLOPT_URL,
                                    url));
-  GNUNET_assert (CURLE_OK ==
-                 curl_easy_setopt (eh,
-                                   CURLOPT_FOLLOWLOCATION,
-                                   1L));
-  if (0 == strcasecmp (url,
-                       "https://"))
-    GNUNET_assert (CURLE_OK ==
-                   curl_easy_setopt (eh,
-                                     CURLOPT_REDIR_PROTOCOLS_STR,
-                                     "https"));
-  else
-    GNUNET_assert (CURLE_OK ==
-                   curl_easy_setopt (eh,
-                                     CURLOPT_REDIR_PROTOCOLS_STR,
-                                     "http,https"));
+  TALER_curl_set_secure_redirect_policy (eh,
+                                         url);
   /* Enable compression (using whatever curl likes), see
      https://curl.se/libcurl/c/CURLOPT_ACCEPT_ENCODING.html  */
   GNUNET_break (CURLE_OK ==
                 curl_easy_setopt (eh,
                                   CURLOPT_ACCEPT_ENCODING,
                                   ""));
-  /* limit MAXREDIRS to 5 as a simple security measure against
-     a potential infinite loop caused by a malicious target */
-  GNUNET_assert (CURLE_OK ==
-                 curl_easy_setopt (eh,
-                                   CURLOPT_MAXREDIRS,
-                                   5L));
   GNUNET_assert (CURLE_OK ==
                  curl_easy_setopt (eh,
                                    CURLOPT_TCP_FASTOPEN,