You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When the actual hostname and the common name of the certificate is different (like during development), if I want to disable the check of the hostname of the certificate, it must be written as below:
Am I right in thinking this is a proposal to set ssl_verify_peer_name to false whenever ssl_verify_host is set to false? If so, I'm no expert but wouldn't that be creating a gotcha?
For example, because I'm currently running < PHP 5.6 I've had to set ssl_verify_host (“set to false if you wish to ignore hostname match errors when validating certificates”) to false because PHP's wildcard matching for CN wasn't working/in place. However, I didn't need to set ssl_verify_peer to false (“Set to false to disable SSL verification. This is not recommended.”). Quotes in brackets are from Cake 2's documentation.
The actual issue here seems to be the lack of an SSL certificate for a development server, or using TLS when it's not required in development.
In CakePHP 2.x.
PHP >= 5.6.0, SSL context options add the
verify_peer_name
and this default value isTRUE
.http://php.net/manual/en/context.ssl.php
When the actual hostname and the common name of the certificate is different (like during development), if I want to disable the check of the hostname of the certificate, it must be written as below:
This is redundant.
I without having to worry about the version of PHP, I want to finish by writing the only
'ssl_verify_host' = false
.The text was updated successfully, but these errors were encountered: