From f2572174348af42d26c9b092ade7fb42be044b7b Mon Sep 17 00:00:00 2001
From: Jesse Skrivseth
Date: Mon, 8 Jun 2015 08:50:58 -0600
Subject: [PATCH] Fix CURLOPT_SSL_VERIFYHOST issue

libcurl's CURLOPT_SSL_VERIFYHOST option accepts only values 0 and 2. This fix is fail-secure in that SSL host verification will be enabled regardless of what a caller passes to Request::verifyHost($bool) unless $bool === false.
---
 src/Unirest/Request.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Unirest/Request.php b/src/Unirest/Request.php
index 9f96eeb..cf0368c 100644
--- a/src/Unirest/Request.php
+++ b/src/Unirest/Request.php
@@ -416,7 +416,8 @@ class Request
 CURLOPT_HTTPHEADER => self::getFormattedHeaders($headers),
 CURLOPT_HEADER => true,
 CURLOPT_SSL_VERIFYPEER => self::$verifyPeer,
- CURLOPT_SSL_VERIFYHOST => self::$verifyHost,
+ //CURLOPT_SSL_VERIFYHOST accepts only 0 (false) or 2 (true). Future versions of libcurl will treat values 1 and 2 as equals
+ CURLOPT_SSL_VERIFYHOST => self::$verifyHost === false ? 0 : 2,
 // If an empty string, '', is set, a header containing all supported encoding types is sent
 CURLOPT_ENCODING => ''
 ));
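Review bot: The strict `=== false` test on the new `CURLOPT_SSL_VERIFYHOST` line means a caller who passes `0`, `'0'` or `null` to `Request::verifyHost()` keeps hostname verification on. That is the fail-secure behaviour the description intends, but it is not stated anywhere a caller will read it. The setter and the start of this options array are outside the hunk, so I would document the contract in the setter's docblock and reword the inline comment in the neighbouring style: `// CURLOPT_SSL_VERIFYHOST takes 0 (off) or 2 (on); only a strict boolean false turns the check off.` `CURLOPT_SSL_VERIFYPEER` on the line above is still passed through unchanged. With peer verification off, the hostname is compared against a certificate whose chain was never validated, so the same docblock should say that both options must stay enabled for the host check to mean anything.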