On Wed, Oct 24, 2012 at 10:34 PM, Sherif Ramadan <theanomaly...@gmail.com> wrote: > I understand there are people out there that don't read the > documentation and aren't aware of the difference between > curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); and curl_setopt($ch, > CURLOPT_SSL_VERIFYHOST, true); but still... I don't think this is a > good idea either.
I highly doubt code that sets CURLOPT_SSL_VERIFYHOST => true meant to imply CURLOPT_SSL_VERIFYHOST => 1...which essentially bypasses host verification. According to libcurl, CURLOPT_SSL_VERIFYHOST => 1 is "not ordinarily a useful setting". - JJ -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
