Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

On Wed, Oct 24, 2012 at 10:46 PM, JJ wrote: > On Wed, Oct 24, 2012 at 10:34 PM, Sherif Ramadan > wrote: >> I understand there are people out there that don't read the >> documentation and aren't aware of the difference between >> curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); and curl_setopt($ch, >

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

On Thu, Oct 25, 2012 at 2:48 PM, JJ wrote: > Stas suggested this should throw a notice instead of a warning, I've > amended. Thx all. > > https://github.com/php/php-src/pull/221 > > The PR has been merged in and closed. It has been merged into 5.4 and master. Thanks for the contribution! Anthon

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

Stas suggested this should throw a notice instead of a warning, I've amended. Thx all. https://github.com/php/php-src/pull/221 - JJ On Thu, Oct 25, 2012 at 11:39 AM, JJ wrote: > Agreed. > > https://github.com/johnj/php-src/commit/905f7121fa664380c97f71ff9cbc4b6c04396374 > > - JJ > > On Thu, Oct

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

Agreed. https://github.com/johnj/php-src/commit/905f7121fa664380c97f71ff9cbc4b6c04396374 - JJ On Thu, Oct 25, 2012 at 8:54 AM, Rasmus Lerdorf wrote: > > I see no need for an RFC just to add a helpful notice here. Just do it. > > -Rasmus > -- PHP Internals - PHP Runtime Development Mailing Lis

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

Hi! > My tendancy would be to target 5.5 only, but I can see the argument made > that it should target 5.3/5.4 as well... Thoughts? I think it'd be fine for 5.4. Please do a pull req first though to be sure. Thanks, -- Stanislav Malyshev, Software Architect SugarCRM: http://www.sugarcrm.com/ (4

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

Rasmus et al, I see no need for an RFC just to add a helpful notice here. Just do it. > > -Rasmus > > Should this target master only (5.5)? Or 5.3/5.4 as well? My tendancy would be to target 5.5 only, but I can see the argument made that it should target 5.3/5.4 as well... Thoughts? Anthony

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

FYI: the bug is: 63363 https://bugs.php.net/bug.php?id=63363 On Thu, Oct 25, 2012 at 12:06 PM, Anthony Ferrara wrote: > > Do we even need an RFC for this? I would personally just open a bug and > >> > commit the change. >> > >> > But if people want an RFC, that's fine... It just seems like a h

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

> Do we even need an RFC for this? I would personally just open a bug and > > commit the change. > > > > But if people want an RFC, that's fine... It just seems like a huge > > undertaking for such a minor change... > > I see no need for an RFC just to add a helpful notice here. Just do it. > Th

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

On 10/25/2012 08:53 AM, Anthony Ferrara wrote: >> If there are no objections, I'll go ahead and draft an RFC for the >> notice/docs idea later today. If anyone would like to co-author it with >> me, please drop me an email and I'll send you the wiki link once I've >> created the page. >> > > Do

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

> If there are no objections, I'll go ahead and draft an RFC for the > notice/docs idea later today. If anyone would like to co-author it with > me, please drop me an email and I'll send you the wiki link once I've > created the page. > Do we even need an RFC for this? I would personally just op

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

On Thu, Oct 25, 2012 at 7:26 AM, Anthony Ferrara wrote: > All, > > > On Thu, Oct 25, 2012 at 3:14 AM, Guillaume Rossolini < > g.rossol...@gmail.com> wrote: > >> On Thu, Oct 25, 2012 at 8:36 AM, Kris Craig wrote: >> > >> > What if, instead of changing the behavior, we have it throw a notice or >>

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

Hi, Am 25.10.2012 um 07:03 schrieb JJ : [...] > My solution was to check the type for CURLOPT_SSL_VERIFYHOST: if it is > boolean and true, the opt value for libcurl is set to 2L. > > I understand that engineers should have the proper option value to > begin with but weighing the impact of this (M

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

All, On Thu, Oct 25, 2012 at 3:14 AM, Guillaume Rossolini wrote: > On Thu, Oct 25, 2012 at 8:36 AM, Kris Craig wrote: > > > > What if, instead of changing the behavior, we have it throw a notice or > > warning if a boolean value is passed here? Because this is such a common > > error, I think i

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

I completely agree with Adam and others, we should not change the behaviour to add any magic. The ext/curl api was made to stay as close as possible from the original libcurl api and it should stay the same (even if it's not always implicit). A lot of people are often referring to the libcurl C do

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

On 10/25/2012 04:54 AM, Kris Craig wrote: So you propose to implement strict type checking of parameters because a few bozos don't read the documentation? That doesn't make much sense to me. What makes more sense is that the extension perform its own type checking where that is appropriate. I

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

> So you propose to implement strict type checking of parameters because a > few bozos don't read the documentation? That doesn't make much sense to me. > > What makes more sense is that the extension perform its own type checking > where that is appropriate. I have plenty of subroutine code that

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

On 25 October 2012 18:38, Sebastian Krebs wrote: > 2012/10/25 crankypuss >> Booleans ought to be 1 and 0. Casting a boolean to 2 is just wrong, a way >> to fix badly written code a few people have written and in so doing risk >> the breakage of far more code that is correct. > > > Thats not comp

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

2012/10/25 crankypuss > On 10/24/2012 11:34 PM, Sherif Ramadan wrote: > >> On Thu, Oct 25, 2012 at 1:03 AM, JJ wrote: >> >>> Hey all - I'd like start a discussion around pull request 221 >>> (https://github.com/php/php-**src/pull/221 >>> ). >>> >>> In sho

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

On 10/25/2012 12:36 AM, Kris Craig wrote: On Wed, Oct 24, 2012 at 11:21 PM, Sherif Ramadan wrote: On Thu, Oct 25, 2012 at 1:46 AM, JJ wrote: On Wed, Oct 24, 2012 at 10:34 PM, Sherif Ramadan wrote: I understand there are people out there that don't read the documentation and aren't aware of

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

On 10/24/2012 11:34 PM, Sherif Ramadan wrote: On Thu, Oct 25, 2012 at 1:03 AM, JJ wrote: Hey all - I'd like start a discussion around pull request 221 (https://github.com/php/php-src/pull/221). In short, there's a high volume of [incorrect] code out there which looks like: curl_setopt($ch, CU

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

On Thu, Oct 25, 2012 at 8:36 AM, Kris Craig wrote: > > What if, instead of changing the behavior, we have it throw a notice or > warning if a boolean value is passed here? Because this is such a common > error, I think it could be really beneficial in helping developers catch > this early. Thoug

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

CURLOPT_SSL_VERIFYHOST - this option just sounds like "should I verify host?", when it must sound like "what verifying strategy should I use?" On Thu, 25 Oct 2012 10:19:24 +0400, Adam Harvey wrote: On 25 October 2012 13:46, JJ wrote: On Wed, Oct 24, 2012 at 10:34 PM, Sherif Ramadan wrote:

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

On Wed, Oct 24, 2012 at 11:21 PM, Sherif Ramadan wrote: > On Thu, Oct 25, 2012 at 1:46 AM, JJ wrote: > > On Wed, Oct 24, 2012 at 10:34 PM, Sherif Ramadan > > wrote: > >> I understand there are people out there that don't read the > >> documentation and aren't aware of the difference between > >>

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

On Thu, Oct 25, 2012 at 1:46 AM, JJ wrote: > On Wed, Oct 24, 2012 at 10:34 PM, Sherif Ramadan > wrote: >> I understand there are people out there that don't read the >> documentation and aren't aware of the difference between >> curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); and curl_setopt($ch, >>

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

On 25 October 2012 13:46, JJ wrote: > On Wed, Oct 24, 2012 at 10:34 PM, Sherif Ramadan > wrote: >> I understand there are people out there that don't read the >> documentation and aren't aware of the difference between >> curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); and curl_setopt($ch, >> CURLOP

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

On Wed, Oct 24, 2012 at 10:34 PM, Sherif Ramadan wrote: > I understand there are people out there that don't read the > documentation and aren't aware of the difference between > curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); and curl_setopt($ch, > CURLOPT_SSL_VERIFYHOST, true); but still... I don't

Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

On Thu, Oct 25, 2012 at 1:03 AM, JJ wrote: > Hey all - I'd like start a discussion around pull request 221 > (https://github.com/php/php-src/pull/221). > > In short, there's a high volume of [incorrect] code out there which looks > like: > > curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true); > > Ins

[PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST

Hey all - I'd like start a discussion around pull request 221 (https://github.com/php/php-src/pull/221). In short, there's a high volume of [incorrect] code out there which looks like: curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true); Instead of what, in all likelyhood, the code meant to do: curl