CurlFetcher: also accept GRK_CURL_ALLOW_INSECURE for SSL bypass

Grok Compression · Grok Compression · commit f32f5881d31c · 2026-05-09T15:10:03.000-04:00
CurlFetcher's auth() only checked GRK_HTTP_UNSAFESSL while S3Fetcher
checked GRK_CURL_ALLOW_INSECURE, causing direct HTTPS URLs to fail
with SSL errors when only GRK_CURL_ALLOW_INSECURE was set. Now both
env vars work in both code paths.
diff --git a/src/lib/core/stream/fetchers/CurlFetcher.h b/src/lib/core/stream/fetchers/CurlFetcher.h
@@ -561,7 +561,9 @@ class CurlFetcher : public IFetcher
 
   virtual void auth(CURL* curl)
   {
-    if(EnvVarManager::test_bool("GRK_HTTP_UNSAFESSL") || auth_.s3_allow_insecure_)
+    if(EnvVarManager::test_bool("GRK_HTTP_UNSAFESSL") ||
+       EnvVarManager::test_bool("GRK_CURL_ALLOW_INSECURE") ||
+       auth_.s3_allow_insecure_)
     {
       curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
       curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);

Original file line number	Diff line number	Diff line change
`@@ -561,7 +561,9 @@ class CurlFetcher : public IFetcher`
`561`	`561`
`562`	`562`	`virtual void auth(CURL* curl)`
`563`	`563`	`{`
`564`		`- if(EnvVarManager::test_bool("GRK_HTTP_UNSAFESSL") \|\| auth_.s3_allow_insecure_)`
	`564`	`+ if(EnvVarManager::test_bool("GRK_HTTP_UNSAFESSL") \|\|`
	`565`	`+ EnvVarManager::test_bool("GRK_CURL_ALLOW_INSECURE") \|\|`
	`566`	`+ auth_.s3_allow_insecure_)`
`565`	`567`	`{`
`566`	`568`	`curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);`
`567`	`569`	`curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);`