Stas suggested this should throw a notice instead of a warning, I've
amended. Thx all.
https://github.com/php/php-src/pull/221
- JJ
On Thu, Oct 25, 2012 at 11:39 AM, JJ wrote:
> Agreed.
>
> https://github.com/johnj/php-src/commit/905f7121fa664380c97f71ff9cbc4b6c04396374
>
Agreed.
https://github.com/johnj/php-src/commit/905f7121fa664380c97f71ff9cbc4b6c04396374
- JJ
On Thu, Oct 25, 2012 at 8:54 AM, Rasmus Lerdorf wrote:
>
> I see no need for an RFC just to add a helpful notice here. Just do it.
>
> -Rasmus
>
--
PHP Internals - PHP Runtime Deve
true); but still... I don't think this is a
> good idea either.
I highly doubt code that sets CURLOPT_SSL_VERIFYHOST => true meant to
imply CURLOPT_SSL_VERIFYHOST => 1...which essentially bypasses host
verification.
According to libcurl, CURLOPT_SSL_VERIFYHOST => 1 is "not
an and true, the opt value for libcurl is set to 2L.
I understand that engineers should have the proper option value to
begin with but weighing the impact of this (MITM attacks) against
doing what they probably meant anyways is worth the presumption.
Please discuss and adjust the patch if neces
which has
taken a large chunk of this thread, will hinder the relrfc moving
forward.
- JJ
On Wed, Aug 24, 2011 at 5:50 AM, Zeev Suraski wrote:
> Well, I have to admit this is mighty convincing :) Wasn't aware of this
> use-case. Falls under the category of mass breakage I guess.
>
cult
because of its' far-reaching impact.
- JJ
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
