
Force the validation of SSL certificates

Setting these options will ensure that users of this library will
not be vulnerable to a trivial MITM attack against the Persona
verifier.
1 parent 3c705d5 commit 634b113ef3660af440febc04b9cac3e0f4ec5d73 @fmarier fmarier committed Feb 13, 2013
Showing with 6 additions and 4 deletions.
  1. +3 −2 Demos/login.class.php
  2. +3 −2 Source/login.class.php
@@ -113,7 +113,8 @@ private function _requestPOST($url, $data) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
@@ -178,4 +179,4 @@ public function verify_assertion() {
}
}
-?>
+?>
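Review bot: The two added `curl_setopt` lines in `_requestPOST` only protect the request if `$url` is an `https://` URL and if a failed TLS handshake is treated as a failed verification; neither is visible here, because the function starts and ends outside the hunk. Consider adding `curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);` next to them so a plain-HTTP verifier URL is refused, and confirm that a `false` return from `curl_exec` makes `verify_assertion()` reject the login rather than continue. A short comment such as `// Certificate and hostname checks must stay on: the verifier's response is what authenticates the user.` would discourage turning them off again on a host that lacks a CA bundle. The same applies to the identical hunk in Source/login.class.php.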
@@ -113,7 +113,8 @@ private function _requestPOST($url, $data) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
@@ -178,4 +179,4 @@ public function verify_assertion() {
}
}
-?>
+?>
