-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
'Verify Peer' option not respected in Authentication - Gmail plugin #30624
Conversation
This comment was marked as abuse.
This comment was marked as abuse.
This comment was marked as abuse.
This comment was marked as abuse.
Ping @SniperSister @zero-24 . |
Beside that fact that it is a bad idea to use no verification in production we also know that there are enough crape hosts out there with old certificate root. Anyway the function exists so it should work. If we have 2 tests it can be merged. Removing this feature can be scheduled for j5 |
@HLeithner Any idea how it can be tested, beside code review? |
I go with PhilETaylor, It is fairly easy to setup a dev/localhost CA/ self-signed SSL cert, so verification could be done that way. On production, there should be no way to disable the verification of SSL certs. Hosts which are unmaintained and have old/ outdated SSL Certs have certainly more problems than just invalid SSL certs. But that's just my own 2c. This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30624. |
Either way it has to be fixed: Fix the buggy function like this PR here does, or remove the buggy function. But leave it as it is should not be an option. |
@richard67 replace the root certificate for curl with an empty one should work |
Dear @SharkyKZ in preperation of the upcomming release of Joomla 3.10 we have used GitHubs rename feature to rename the staging branch into 3.10-dev. Usually GitHub moves all existing PRs towards the new branch just fine, but here it didnt work. The reason seems to be that the fork of the CMS that was used as base for this PR has been deleted so GitHub does no longer have a base to rebase the PR against the new branch and we are also not able to reopen the PR. For that reason GitHub closed this PR in my name, when this issue is still valid It would require a new PR against the new 3.10-dev or 4.0-dev branch. |
Closes #30621.
Summary of Changes
Corrects data passed to
JRegistry
.Testing Instructions
Review.
Documentation Changes Required
No.