[Tickets #12929] Re: Horde_Http: Fix disabling SSL certificate hostname check
noreply at bugs.horde.org
noreply at bugs.horde.org
Tue Jul 1 07:21:44 UTC 2014
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/12929
------------------------------------------------------------------------------
Ticket | 12929
Updated By | Thomas Jarosch <thomas.jarosch at intra2net.com>
Summary | Horde_Http: Fix disabling SSL certificate hostname
| check
Queue | Horde Framework Packages
Version | Git master
Type | Bug
State | Feedback
Priority | 1. Low
Milestone |
Patch | 1
Owners |
------------------------------------------------------------------------------
Thomas Jarosch <thomas.jarosch at intra2net.com> (2014-07-01 07:21) wrote:
> I'm not sure if that is really a good situation. Disabling peer
> verification and host name verification is really two different
> things. On the other hand, you probably want both if you intend less
> strict SSL verification. Maybe introduce some "verifiyLoose"
> setting...
the idea of the patch was to re-gain BC with the existing horde code
before the curl update.
f.e., [mms] commited just the same thing for the Imap_Client:
https://github.com/horde/horde/commit/0dcd8ae25ef273240693f78a4e038088e0e569f5
Notice the
+ 'ssl' => array(
+ 'verify_peer' => false,
+ 'verify_peer_name' => false
+ )
in there.
More information about the bugs
mailing list