From 5e7e4f0e262caef0bae1518a575bb98f69a9d7e1 Mon Sep 17 00:00:00 2001
From: Peter Keresztes Schmidt <carbenium@outlook.com>
Date: Sun, 31 May 2020 20:27:11 +0200
Subject: [PATCH] ipa-join: don't set TLS related curl options for JSON-RPC

Related: https://pagure.io/freeipa/issue/7966
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 client/ipa-join.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/client/ipa-join.c b/client/ipa-join.c
index 4426740d3..16a903b46 100644
--- a/client/ipa-join.c
+++ b/client/ipa-join.c
@@ -692,9 +692,6 @@ join_krb5_jsonrpc(const char *ipaserver, char *hostname, char **hostdn, const ch
     curl_easy_setopt(curl, CURLOPT_HTTPHEADER, chunk);
 
     curl_easy_setopt(curl, CURLOPT_CAINFO, DEFAULT_CA_CERT_FILE);
-    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
-    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
-    curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
     curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, &jsonrpc_handle_response);
 
     /* delegating authentication to gssapi */