Remove unsecure CURLOPT_SSL_VERIFY* options #8

Merged
merged 1 commit into from Mar 28, 2019

@oldpec oldpec commented Mar 26, 2019

Verification of the peer certificate against trusted CAs and hostname verification should never be turned off; otherwise, MITM attacks are possible.

@slogsdon

@oldpec Thanks for sending this over. We are reviewing this and will include it in our next deployment as long as there aren't any concerns.

@securesubmit-buildmaster securesubmit-buildmaster merged commit 1a545fe into globalpayments:master Mar 28, 2019
@slogsdon

@oldpec There was a small snag during our deployment today that caused this PR to be merged instead of your PR that removed the explicit cipher list. We were fine with the cipher list removal as-is, but with our current strategy, we felt we would see issues with removing the SSL verification settings in current integrations. We aren't quite ready to issue a full version bump (to 2.0.0), so we implemented an intermediate solution where custom curl options can be supplied with your gateway credentials. Here's a small example of how you can leverage this:

```php
$config = new ServicesConfig();
$config->secretApiKey = 'skapi_cert_MTeSAQAfG1UA9qQDrzl-kz4toXvARyieptFwSKP24w';
$config->serviceUrl = 'https://cert.api2-c.heartlandportico.com/';
$config->curlOptions = [
  // Verify the peer certificate chain against trusted CAs
  CURLOPT_SSL_VERIFYPEER => true,
  // Require the certificate to match the host name being contacted
  CURLOPT_SSL_VERIFYHOST => 2,
];
ServicesContainer::configure($config);
```
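
An added example, not part of the thread or of the SDK: a pre-flight check for an option array like the `$config->curlOptions` shown above, which reports settings that weaken TLS verification and can force both checks on. The helper names `auditCurlTlsOptions` and `enforceCurlTlsOptions` are hypothetical, and treating a missing key as a finding is an assumption about the SDK's defaults.

```php
<?php
// Added example; auditCurlTlsOptions() and enforceCurlTlsOptions() are
// hypothetical helpers, not SDK functions. Requires the PHP curl extension.

/** Return a list of TLS-verification problems in a cURL option array. */
function auditCurlTlsOptions(array $options): array
{
    $problems = [];

    // Assumption: a missing key means the library's own setting applies,
    // so it is reported rather than treated as safe.
    if (!array_key_exists(CURLOPT_SSL_VERIFYPEER, $options)) {
        $problems[] = 'CURLOPT_SSL_VERIFYPEER is not set explicitly';
    } elseif (!in_array($options[CURLOPT_SSL_VERIFYPEER], [true, 1], true)) {
        $problems[] = 'CURLOPT_SSL_VERIFYPEER is off: CA chain is not checked';
    }

    // 0 or false disables the hostname check; only the integer 2 is accepted
    // here so that the intent is unambiguous.
    if (!array_key_exists(CURLOPT_SSL_VERIFYHOST, $options)) {
        $problems[] = 'CURLOPT_SSL_VERIFYHOST is not set explicitly';
    } elseif ($options[CURLOPT_SSL_VERIFYHOST] !== 2) {
        $problems[] = 'CURLOPT_SSL_VERIFYHOST is not the integer 2';
    }

    return $problems;
}

/** Return the options with both verification settings forced on. */
function enforceCurlTlsOptions(array $options): array
{
    // The + operator keeps the left-hand values for duplicate integer keys,
    // so the secure settings win over anything the caller supplied.
    return [
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
    ] + $options;
}

// Constructed sample input: an integration that switched verification off.
$legacy = [CURLOPT_TIMEOUT => 30, CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => 0];

print_r(auditCurlTlsOptions($legacy));
print_r(auditCurlTlsOptions(enforceCurlTlsOptions($legacy)));
```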
