Tickets :: [#13722] Http_Request and SSL and verifyHost

Summary	Http_Request and SSL and verifyHost
Queue	Horde Framework Packages
Type	Enhancement
State	Duplicate
Priority	1. Low
Owners
Requester	skhorde (at) smail (dot) inf (dot) fh-bonn-rhein-sieg (dot) de
Created	11/26/14 (4142 days ago)
Due
Updated	11/26/14 (4142 days ago)
Assigned
Resolved	11/26/14 (4142 days ago)
Milestone
Patch	No

11/26/2014 09:19:47 AM	Jan Schneider	Comment #2 State ⇒ Duplicate	Reply to this comment
Duplicate of ~~request #12929~~

11/26/2014 08:07:09 AM	skhorde (at) smail (dot) inf (dot) fh-bonn-rhein-sieg (dot) de	Comment #1 State ⇒ New Priority ⇒ 1. Low Type ⇒ Enhancement Summary ⇒ Http_Request and SSL and verifyHost Queue ⇒ Horde Framework Packages Milestone ⇒ Patch ⇒ No	Reply to this comment
If you pass "verifyPeer = false" to curl-based HTTP clients, it checks the hostname still, see http://php.net/manual/en/function.curl-setopt.php CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST. Please either add yet another option to the HttpClient class, like request.verifyHost, or set verifyHost to 0 / false if verifyPeer is false. Spots would be: Horde/Http/Request/Curl.php, function send() Horde/Http/Request/PeckhttpBase.php function _httpOptions() The pecl http extension seems to use a boolean value, whereas the curl extensions uses 0 for off and 2 for active and 1 is deprecated.