[Tickets #13722] Http_Request and SSL and verifyHost

noreply at bugs.horde.org noreply at bugs.horde.org
Wed Nov 26 08:07:10 UTC 2014


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: https://bugs.horde.org/ticket/13722
------------------------------------------------------------------------------
  Ticket             | 13722
  Created By         | skhorde at smail.inf.fh-bonn-rhein-sieg.de
  Summary            | Http_Request and SSL and verifyHost
  Queue              | Horde Framework Packages
  Type               | Enhancement
  State              | New
  Priority           | 1. Low
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


skhorde at smail.inf.fh-bonn-rhein-sieg.de (2014-11-26 08:07) wrote:

If you pass "verifyPeer = false" to curl-based HTTP clients, it checks  
the hostname still, see  
http://php.net/manual/en/function.curl-setopt.php  
CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST.

Please either add yet another option to the HttpClient class, like  
request.verifyHost, or set verifyHost to 0 / false if verifyPeer is  
false.

Spots would be:
Horde/Http/Request/Curl.php, function send()
Horde/Http/Request/PeckhttpBase.php function _httpOptions()

The pecl http extension seems to use a boolean value, whereas the curl  
extension uses 0 for off and 2 for active and 1 is deprecated.
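
The two independent curl settings described in the ticket, as an added example that is not part of the ticket or of Horde's code. The helper names and the `verifyPeer` / `verifyHost` array keys are assumptions made for illustration; only the two `CURLOPT_*` constants are real.

```php
<?php
// Added example: hypothetical helper, not Horde_Http code.
// Assumed option keys: 'verifyPeer' and 'verifyHost' (the option the ticket asks for).

function tlsCurlOptions(array $opts): array
{
    // Both checks default to on; each one has to be switched off explicitly.
    $verifyPeer = $opts['verifyPeer'] ?? true;
    $verifyHost = $opts['verifyHost'] ?? true;

    foreach (['verifyPeer' => $verifyPeer, 'verifyHost' => $verifyHost] as $name => $value) {
        if (!is_bool($value)) {
            throw new InvalidArgumentException("$name must be a boolean");
        }
    }

    return [
        CURLOPT_SSL_VERIFYPEER => $verifyPeer,
        // curl expects 2 for "on" and 0 for "off"; casting true to int
        // would produce 1, the deprecated value mentioned in the ticket.
        CURLOPT_SSL_VERIFYHOST => $verifyHost ? 2 : 0,
    ];
}

function describeTls(array $curlOpts): string
{
    $peer = $curlOpts[CURLOPT_SSL_VERIFYPEER] ? 'on' : 'off';
    $host = $curlOpts[CURLOPT_SSL_VERIFYHOST] === 2 ? 'on' : 'off';
    return "certificate chain check $peer, hostname check $host";
}

// Constructed sample configurations; no request is sent.
$samples = [
    'defaults'            => [],
    'verifyPeer off only' => ['verifyPeer' => false],
    'both off'            => ['verifyPeer' => false, 'verifyHost' => false],
];

foreach ($samples as $label => $opts) {
    $curlOpts = tlsCurlOptions($opts);
    $ch = curl_init('https://example.org/');
    curl_setopt_array($ch, $curlOpts);
    echo $label, ': ', describeTls($curlOpts), PHP_EOL;
}
```

The second sample shows the behaviour the ticket reports: turning off `verifyPeer` alone leaves the hostname check at 2.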
