Avoid disabling SSL certificate verification #1

Open
wants to merge 5 commits into
from

Conversation

Projects
None yet
2 participants

ashokak commented Apr 23, 2012

Since 7.10, curl will verify the certificate by default.
Users who get certificate errors should check their curl installation/configuration, and fix that, rather than connecting to anyone claiming to be FreshBooks.

(Thanks for the handy library; hope this is a useful change.)

@ashokak ashokak Avoid disabling SSL certificate verification.
Since 7.10, curl will verify the certificate by default.
Users who get certificate errors should check their curl installation/configuration, and fix that, rather than connecting to anyone claiming to be FreshBooks.
43d5f42
Owner

jboesch commented Apr 23, 2012

I don't want it to check a certificate by default. I don't think most people will have this.
If you're going to make a change like this, I would rather it be configurable. Like, have it like you do by default. But if the user chooses, they can set SSL_VERIFYPEER to false.

Maybe a 3rd param to init that allows you to specify options.

$options = array(
'ssl' => false
);
FreshBooksRequest::init($domain, $token, $options);

ashokak commented Apr 24, 2012

Understandable.

How about this. Same secure-by-default behaviour, but instead of a bag of options to init(), an explicit method to disable the verification?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment