On Thu, Oct 25, 2012 at 1:46 AM, JJ <ja...@php.net> wrote: > On Wed, Oct 24, 2012 at 10:34 PM, Sherif Ramadan > <theanomaly...@gmail.com> wrote: >> I understand there are people out there that don't read the >> documentation and aren't aware of the difference between >> curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); and curl_setopt($ch, >> CURLOPT_SSL_VERIFYHOST, true); but still... I don't think this is a >> good idea either. > > I highly doubt code that sets CURLOPT_SSL_VERIFYHOST => true meant to > imply CURLOPT_SSL_VERIFYHOST => 1...which essentially bypasses host > verification.
That's not our place to start guessing what the user did or did not intend. The fact remains that a cast of a boolean true to int is in fact 1. The fact also remains that CURLOPT_SSL_VERIFYHOST expects an int as per the documented behavior. The fact additionally remains that no user would expect var_dump((int) true) to return int(2). > > According to libcurl, CURLOPT_SSL_VERIFYHOST => 1 is "not ordinarily a > useful setting". > Again, you're confusing users who don't read documentation and/or don't understand it with users who may have fully read documentation and understood it perfectly well and ever intention of setting CURLOPT_SSL_VERIFYHOST to 1. I understand your intentions here are good, but we should not be magically trying to guess what the user wants. We should document the behavior clearly and this solution makes documentation completely unclear. Nowhere in the PHP manual do we say "we might break the promise of a boolean cast to int and make it int(2) instead of int(1)". > - JJ -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
