[PHP-DEV] Changing the default value of true for CURLOPT_SSL_VERIFYHOST

2012-10-24 Thread JJ
value for libcurl is set to 2L. I understand that engineers should have the proper option value to begin with but weighing the impact of this (MITM attacks) against doing what they probably meant anyways is worth the presumption. Please discuss and adjust the patch if necessary. - JJ -- PHP

Re: [PHP-DEV] Changing the default value of true for CURLOPT_SSL_VERIFYHOST

2012-10-24 Thread JJ
); but still... I don't think this is a good idea either. I highly doubt code that sets CURLOPT_SSL_VERIFYHOST = true meant to imply CURLOPT_SSL_VERIFYHOST = 1...which essentially bypasses host verification. According to libcurl, CURLOPT_SSL_VERIFYHOST = 1 is not ordinarily a useful setting. - JJ

Re: [PHP-DEV] Changing the default value of true for CURLOPT_SSL_VERIFYHOST

2012-10-25 Thread JJ
Agreed. https://github.com/johnj/php-src/commit/905f7121fa664380c97f71ff9cbc4b6c04396374

- JJ

On Thu, Oct 25, 2012 at 8:54 AM, Rasmus Lerdorf ras...@lerdorf.com wrote:
I see no need for an RFC just to add a helpful notice here. Just do it.
-Rasmus

Re: [PHP-DEV] Changing the default value of true for CURLOPT_SSL_VERIFYHOST

2012-10-25 Thread JJ
Stas suggested this should throw a notice instead of a warning, I've amended. Thx all. https://github.com/php/php-src/pull/221

- JJ

On Thu, Oct 25, 2012 at 11:39 AM, JJ ja...@php.net wrote:
Agreed. https://github.com/johnj/php-src/commit/905f7121fa664380c97f71ff9cbc4b6c04396374
- JJ

[PHP-DEV] session_* removal in 5.4

2011-07-25 Thread JJ
of its far-reaching impact. - JJ

Re: [PHP-DEV] PHP 5.3.8 Released!

2011-08-24 Thread JJ
chunk of this thread, will hinder the relrfc moving forward.

- JJ

On Wed, Aug 24, 2011 at 5:50 AM, Zeev Suraski z...@zend.com wrote:
Well, I have to admit this is mighty convincing :) Wasn't aware of this use-case. Falls under the category of mass breakage I guess.
Zeev
-Original