Fix CURLOPT_SSL_VERIFYHOST issue

libcurl's CURLOPT_SSL_VERIFYHOST option accepts only values 0 and 2. This fix is fail-secure in that SSL host verification will be enabled regardless of what a caller passes to Request::verifyHost($bool) unless $bool === false.
Jesse Skrivseth
2015-06-08 08:50:58 -06:00
parent c9c0a85250
commit f257217434

@@ -416,7 +416,8 @@ class Request
CURLOPT_HTTPHEADER => self::getFormattedHeaders($headers), CURLOPT_HTTPHEADER => self::getFormattedHeaders($headers),
CURLOPT_HEADER => true, CURLOPT_HEADER => true,
CURLOPT_SSL_VERIFYPEER => self::$verifyPeer, CURLOPT_SSL_VERIFYPEER => self::$verifyPeer,
CURLOPT_SSL_VERIFYHOST => self::$verifyHost, //CURLOPT_SSL_VERIFYHOST accepts only 0 (false) or 2 (true). Future versions of libcurl will treat values 1 and 2 as equals
CURLOPT_SSL_VERIFYHOST => self::$verifyHost === false ? 0 : 2,
// If an empty string, '', is set, a header containing all supported encoding types is sent // If an empty string, '', is set, a header containing all supported encoding types is sent
CURLOPT_ENCODING => '' CURLOPT_ENCODING => ''
)); ));
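
Review bot: On the new CURLOPT_SSL_VERIFYHOST line, the strict `=== false` comparison means a caller who passes 0, null or '' to Request::verifyHost() expecting to switch verification off will silently keep it on. That matches the fail-secure intent in the commit message, but it should be documented on the setter so the behaviour is not a surprise; alternatively, have the setter reject non-boolean arguments so the mismatch is visible at the call site rather than at request time. The added inline comment would also read better split over two lines. Separately, CURLOPT_SSL_VERIFYPEER in the context line above still passes self::$verifyPeer through unnormalised; if the same fail-secure rule is wanted there, it would be worth applying it in the same change.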