
Force the validation of SSL certificates

Setting these options will ensure that users of this library will
not be vulnerable to a trivial MITM attack against the Persona
verifier.
commit 634b113ef3660af440febc04b9cac3e0f4ec5d73 1 parent 3c705d5
@fmarier fmarier authored
Showing with 6 additions and 4 deletions.
  1. +3 −2 Demos/login.class.php
  2. +3 −2 Source/login.class.php
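--- a/Demos/login.class.php
+++ b/Demos/login.class.php
@@ -113,7 +113,8 @@ private function _requestPOST($url, $data) {
 curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
 curl_setopt($ch, CURLOPT_HEADER, false);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
+curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
 curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
@@ -178,4 +179,4 @@ public function verify_assertion() {
 }
 }
-?>
+?>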
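Review bot: With verification now enforced in `_requestPOST`, a certificate or hostname mismatch makes `curl_exec()` return `false`, and the lines that consume that result are outside this hunk, so it is worth confirming that a `false` result is treated as a failed assertion rather than decoded as an empty response. A short why-comment above the two options would keep them from being switched off again while debugging, e.g. `// Verify the verifier's certificate chain and hostname; its response decides who is logged in.` The trust store is left to the system default, so hosts without a CA bundle will now fail closed; that is the right outcome, but those installs may need `CURLOPT_CAINFO` documented. The same change is made in Source/login.class.php, and the two copies of this file have to be kept in sync by hand.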
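--- a/Source/login.class.php
+++ b/Source/login.class.php
@@ -113,7 +113,8 @@ private function _requestPOST($url, $data) {
 curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
 curl_setopt($ch, CURLOPT_HEADER, false);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
+curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
 curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
@@ -178,4 +179,4 @@ public function verify_assertion() {
 }
 }
-?>
+?>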