[Tickets #12929] Re: Horde_Http: Fix disabling SSL certificate hostname check

noreply at bugs.horde.org noreply at bugs.horde.org
Wed Nov 26 09:59:48 UTC 2014


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: https://bugs.horde.org/ticket/12929
------------------------------------------------------------------------------
  Ticket             | 12929
  Updated By         | skhorde at smail.inf.fh-bonn-rhein-sieg.de  
<skhorde at smail.inf.fh-bonn-rhein-sieg.de>
  Summary            | Horde_Http: Fix disabling SSL certificate hostname
                     | check
  Queue              | Horde Framework Packages
  Version            | Git master
  Type               | Bug
  State              | Feedback
  Priority           | 1. Low
  Milestone          |
  Patch              | 1
  Owners             |
------------------------------------------------------------------------------


Thomas Jarosch <thomas.jarosch at intra2net.com> (2014-07-01 07:21) wrote:

> I'm not sure if that is really a good situation. Disabling peer  
> verification and host name verification is really two different  
> things. On the other hand, you probably want both if you intend less  
> strict SSL verification. Maybe introduce some "verifiyLoose"  
> setting...

the idea of the patch was to re-gain BC with the existing horde code  
before the curl update.

f.e., [mms] commited just the same thing for the Imap_Client:
https://github.com/horde/horde/commit/0dcd8ae25ef273240693f78a4e038088e0e569f5

Notice the

+                'ssl' => array(
+                    'verify_peer' => false,
+                    'verify_peer_name' => false
+                )

in there.






More information about the bugs mailing list