[PHP-CVS] com php-src: Notice if CURLOPT_SSL_VERIFYHOST is set to true: ext/curl/interface.c ext/curl/tests/bug63363.phpt

Thu, 25 Oct 2012 13:39:15 -0700 

Commit:    3b85d09de7347b16024530579e46f89d587a2e18
Author:    John Jawed (JJ) <ja...@php.net>         Wed, 24 Oct 2012 21:47:47 
-0700
Parents:   7b4a53e26344ede3534c6ce7ea5973cd4082c90e
Branches:  master

Link:       
http://git.php.net/?p=php-src.git;a=commitdiff;h=3b85d09de7347b16024530579e46f89d587a2e18

Log:
Notice if CURLOPT_SSL_VERIFYHOST is set to true

Changed paths:
  M  ext/curl/interface.c
  A  ext/curl/tests/bug63363.phpt


Diff:
diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index d9abece..eb7ed8d 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -2014,6 +2014,10 @@ static int _php_curl_setopt(php_curl *ch, long option, 
zval **zvalue, zval *retu
 
        switch (option) {
                /* Long options */
+               case CURLOPT_SSL_VERIFYHOST:
+                       if(Z_TYPE_PP(zvalue)==IS_BOOL && Z_BVAL_PP(zvalue)) {
+                               php_error_docref(NULL TSRMLS_CC, E_NOTICE, 
"CURLOPT_SSL_VERIFYHOST set to true which disables common name validation 
(setting CURLOPT_SSL_VERIFYHOST to 2 enables common name validation)");
+                       }
                case CURLOPT_AUTOREFERER:
                case CURLOPT_BUFFERSIZE:
                case CURLOPT_CLOSEPOLICY:
@@ -2048,7 +2052,6 @@ static int _php_curl_setopt(php_curl *ch, long option, 
zval **zvalue, zval *retu
                case CURLOPT_PUT:
                case CURLOPT_RESUME_FROM:
                case CURLOPT_SSLVERSION:
-               case CURLOPT_SSL_VERIFYHOST:
                case CURLOPT_SSL_VERIFYPEER:
                case CURLOPT_TIMECONDITION:
                case CURLOPT_TIMEOUT:
diff --git a/ext/curl/tests/bug63363.phpt b/ext/curl/tests/bug63363.phpt
new file mode 100644
index 0000000..43deaa2
--- /dev/null
+++ b/ext/curl/tests/bug63363.phpt
@@ -0,0 +1,29 @@
+--TEST--
+Bug #63363 (CURL silently accepts boolean value for SSL_VERIFYHOST)
+--SKIPIF--
+<?php
+if (!extension_loaded("curl")) {
+        exit("skip curl extension not loaded");
+}
+
+?>
+--FILE--
+<?php
+$ch = curl_init();
+var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false));
+/* Case that should throw an error */
+var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true));
+var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0));
+var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1));
+var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2));
+
+curl_close($ch);
+?>
+--EXPECTF--
+bool(true)
+
+Notice: curl_setopt(): CURLOPT_SSL_VERIFYHOST set to true which disables 
common name validation (setting CURLOPT_SSL_VERIFYHOST to 2 enables common name 
validation) in %s on line %d
+bool(true)
+bool(true)
+bool(true)
+bool(true)


--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to