From c9c0a852505be666f0b53d9e34a46fa5383e2e17 Mon Sep 17 00:00:00 2001
From: Jesse Skrivseth
Date: Fri, 5 Jun 2015 19:50:11 -0600
Subject: [PATCH 1/2] Allow disabling of CURLOPT_SSL_VERIFYHOST Useful when the SSL cert has an invalid or non-resolvable hostname
---
 src/Unirest/Request.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/src/Unirest/Request.php b/src/Unirest/Request.php
index 77a2821..9f96eeb 100644
--- a/src/Unirest/Request.php
+++ b/src/Unirest/Request.php
@@ -15,6 +15,7 @@ class Request
 private static $jsonOpts = array();
 private static $socketTimeout = null;
 private static $verifyPeer = true;
+ private static $verifyHost = true;
 private static $auth = array (
 'user' => '',
@@ -55,6 +56,16 @@ class Request
 {
 return self::$verifyPeer = $enabled;
 }
+
+ /**
+ * Verify SSL host
+ *
+ * @param bool $enabled enable SSL host verification, by default is true
+ */
+ public static function verifyHost($enabled)
+ {
+ return self::$verifyHost = $enabled;
+ }
 /**
 * Set a timeout
@@ -405,6 +416,7 @@ class Request
 CURLOPT_HTTPHEADER => self::getFormattedHeaders($headers),
 CURLOPT_HEADER => true,
 CURLOPT_SSL_VERIFYPEER => self::$verifyPeer,
+ CURLOPT_SSL_VERIFYHOST => self::$verifyHost,
 // If an empty string, '', is set, a header containing all supported encoding types is sent
 CURLOPT_ENCODING => ''
 ));
From f2572174348af42d26c9b092ade7fb42be044b7b Mon Sep 17 00:00:00 2001
From: Jesse Skrivseth
Date: Mon, 8 Jun 2015 08:50:58 -0600
Subject: [PATCH 2/2] Fix CURLOPT_SSL_VERIFYHOST issue libcurl's CURLOPT_SSL_VERIFYHOST option accepts only values 0 and 2. This fix is fail-secure in that SSL host verification will be enabled regardless of what a caller passes to Request::verifyHost($bool) unless $bool === false.
---
 src/Unirest/Request.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/Unirest/Request.php b/src/Unirest/Request.php
index 9f96eeb..cf0368c 100644
--- a/src/Unirest/Request.php
+++ b/src/Unirest/Request.php
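Review bot: The docblock on the new `verifyHost()` setter (second hunk of patch 1/2) does not say what is given up when the switch is turned off, or how far it reaches. `$verifyHost` is a private static, so a single call changes every later request made through this class in the same process, and with hostname checking off a certificate that chains to a trusted CA is accepted no matter which host it was issued for, so the connection is no longer protected against an on-path interceptor. I would extend the docblock with something like `Disabling applies to all subsequent requests and accepts a valid certificate issued for any host; re-enable it after the call that needs it` and add `@return bool the value that was stored`. For the case named in the commit message (a certificate name that does not resolve), pinning that name to the server address with libcurl's CURLOPT_RESOLVE would keep the check on, if the library offers a way to set it.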
@@ -416,7 +416,8 @@ class Request
 CURLOPT_HTTPHEADER => self::getFormattedHeaders($headers),
 CURLOPT_HEADER => true,
 CURLOPT_SSL_VERIFYPEER => self::$verifyPeer,
- CURLOPT_SSL_VERIFYHOST => self::$verifyHost,
+ //CURLOPT_SSL_VERIFYHOST accepts only 0 (false) or 2 (true). Future versions of libcurl will treat values 1 and 2 as equals
+ CURLOPT_SSL_VERIFYHOST => self::$verifyHost === false ? 0 : 2,
 // If an empty string, '', is set, a header containing all supported encoding types is sent
 CURLOPT_ENCODING => ''
 ));
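Review bot: The ternary on the new `CURLOPT_SSL_VERIFYHOST` line normalises the value only where it is handed to libcurl, so `verifyHost()` (added in patch 1/2, outside this hunk) still stores and returns whatever it was given. A caller who passes `0`, `null` or `'false'` gets that value back while host verification stays on; that is the fail-secure outcome the commit message describes, but the `@param bool` docblock does not mention it. I would document it with `@param bool $enabled pass exactly false to disable; any other value keeps verification on`, or normalise in the setter with `return self::$verifyHost = ($enabled !== false);` so the stored and returned value matches what is sent. The neighbouring `CURLOPT_SSL_VERIFYPEER => self::$verifyPeer` context line still passes the raw value, so a falsy non-boolean presumably disables peer verification but not host verification; a comment noting the difference would help. The option array this hunk edits starts and ends outside the hunk.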