Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:63611
Return-Path: <johnjawed@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 59261 invoked from network); 25 Oct 2012 05:47:03 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 25 Oct 2012 05:47:03 -0000
Authentication-Results: pb1.pair.com smtp.mail=johnjawed@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=johnjawed@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.42 as permitted sender)
X-PHP-List-Original-Sender: johnjawed@gmail.com
X-Host-Fingerprint: 209.85.215.42 mail-la0-f42.google.com  
Received: from [209.85.215.42] ([209.85.215.42:51593] helo=mail-la0-f42.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 94/B0-54750-552D8805 for <internals@lists.php.net>; Thu, 25 Oct 2012 01:47:02 -0400
Received: by mail-la0-f42.google.com with SMTP id e6so1096230lah.29
        for <internals@lists.php.net>; Wed, 24 Oct 2012 22:46:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:date
         :x-google-sender-auth:message-id:subject:from:to:cc:content-type;
        bh=N3m3T2y3nqFT5Uyg5V9/MeSUz/XLIuYLvTX95xk08jE=;
        b=Lj9u3Dw14p7vMffFOxgBy+mArYJsSkUAQWmsYSSLZQkSMYhqf2lhpJ/WA+VEWGNPdx
         f/jjSKOtpIrOIUM9nkClCQk/nBZFaJVDXUCJrneojgNelh/YIuMCTh15k/xFZCShYDbk
         VF7aFgGzVP+TZl8ZlXSuL6+YHXOmAUpchZc2GpWSSsfkadvpyYi/8ehQ0RLduLRMTzG/
         ADOAklLulr3fOKwcYCRU/v4kv1mvi2MfFp5nosj1abHGpE8UlHhhw/1mLDfqAmoGAUML
         8FT1Wx92E2XK1RVblF6v46F/bwf+a3vm96nNT23btfAWaKla0PBLiJIvBS19S2+oJNLI
         Vbjg==
MIME-Version: 1.0
Received: by 10.152.148.169 with SMTP id tt9mr16543932lab.15.1351144017832;
 Wed, 24 Oct 2012 22:46:57 -0700 (PDT)
Sender: johnjawed@gmail.com
Received: by 10.114.17.42 with HTTP; Wed, 24 Oct 2012 22:46:57 -0700 (PDT)
In-Reply-To: <CAL+t6cF=e_55=v9bZVy7Tv=V3M4CUQLueu=b5Efa+MD0ewG_qA@mail.gmail.com>
References: <CAB75mSX-cMqZPTfv2vc8fakD_pr31qPR+kO5_O=zYiVoy4xH2w@mail.gmail.com>
	<CAL+t6cF=e_55=v9bZVy7Tv=V3M4CUQLueu=b5Efa+MD0ewG_qA@mail.gmail.com>
Date: Wed, 24 Oct 2012 22:46:57 -0700
X-Google-Sender-Auth: uKROma3dm3EOaBssTaoK74ZHFSw
Message-ID: <CAB75mSVg10VURjFmOhNQk87CqVP9FOQmcSzzgfMUTEb6S7WvxQ@mail.gmail.com>
To: Sherif Ramadan <theanomaly.is@gmail.com>
Cc: internals@lists.php.net
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] Changing the default value of "true" for CURLOPT_SSL_VERIFYHOST
From: jawed@php.net (JJ)

On Wed, Oct 24, 2012 at 10:34 PM, Sherif Ramadan
<theanomaly.is@gmail.com> wrote:
> I understand there are people out there that don't read the
> documentation and aren't aware of the difference between
> curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); and curl_setopt($ch,
> CURLOPT_SSL_VERIFYHOST, true); but still... I don't think this is a
> good idea either.

I highly doubt code that sets CURLOPT_SSL_VERIFYHOST => true meant to
imply CURLOPT_SSL_VERIFYHOST => 1...which essentially bypasses host
verification.

According to libcurl, CURLOPT_SSL_VERIFYHOST => 1 is "not ordinarily a
useful setting".

- JJ