[Tickets #13722] Http_Request and SSL and verifyHost
noreply at bugs.horde.org
noreply at bugs.horde.org
Wed Nov 26 08:07:10 UTC 2014
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: https://bugs.horde.org/ticket/13722
------------------------------------------------------------------------------
Ticket | 13722
Created By | skhorde at smail.inf.fh-bonn-rhein-sieg.de
Summary | Http_Request and SSL and verifyHost
Queue | Horde Framework Packages
Type | Enhancement
State | New
Priority | 1. Low
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
skhorde at smail.inf.fh-bonn-rhein-sieg.de (2014-11-26 08:07) wrote:
If you pass "verifyPeer = false" to curl-based HTTP clients, it checks
the hostname still, see
http://php.net/manual/en/function.curl-setopt.php
CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST.
Please either add yet another option to the HttpClient class, like
request.verifyHost, or set verifyHost to 0 / false if verifyPeer is
false.
Spots would be:
Horde/Http/Request/Curl.php, function send()
Horde/Http/Request/PeckhttpBase.php function _httpOptions()
The pecl http extension seems to use a boolean value, whereas the curl
extensions uses 0 for off and 2 for active and 1 is deprecated.
More information about the bugs
mailing list