On Wed, Oct 24, 2012 at 10:46 PM, JJ <ja...@php.net> wrote: > On Wed, Oct 24, 2012 at 10:34 PM, Sherif Ramadan > <theanomaly...@gmail.com> wrote: >> I understand there are people out there that don't read the >> documentation and aren't aware of the difference between >> curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); and curl_setopt($ch, >> CURLOPT_SSL_VERIFYHOST, true); but still... I don't think this is a >> good idea either. > > I highly doubt code that sets CURLOPT_SSL_VERIFYHOST => true meant to > imply CURLOPT_SSL_VERIFYHOST => 1...which essentially bypasses host > verification. > > According to libcurl, CURLOPT_SSL_VERIFYHOST => 1 is "not ordinarily a > useful setting".
The curl stream wrapper sets this option to 1 when using the curl_verify_ssl_host context option. I imagine that should be fixed too then? -Hannes -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
