Edit report at https://bugs.php.net/bug.php?id=63352&edit=1
ID: 63352 Updated by: [email protected] Reported by: [email protected] Summary: Can't enable hostname validation when using curl stream wrappers -Status: Open +Status: Closed Type: Bug Package: cURL related PHP Version: 5.4.8 Block user comment: N Private report: N New Comment: Automatic comment on behalf of pierrick Revision: http://git.php.net/?p=php-src.git;a=commit;h=af10e698a24e0e624920ea4c4b72a2bc3c647cef Log: Fixed bug #63352 (Can't enable hostname validation when using curl stream wrappers) Previous Comments: ------------------------------------------------------------------------ [2012-10-25 00:58:38] [email protected] Of course this is a minor issue as the certificates store can't even be set, so this is just for the record. ------------------------------------------------------------------------ [2012-10-25 00:54:16] [email protected] Description: ------------ When PHP is built with --with-curlwrappers, the context option "curl_verify_ssl_host" sets curl's CURLOPT_SSL_VERIFYHOST option to 1, but there is no way to set it to 2. Given that the option is a boolean, it should probably be setting the VERIFYHOST value to 2. There is no way to validate that the certificate belongs to the host otherwise. This applies to the ftps and https stream wrappers. ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=63352&edit=1
