Implementation of Auth_OpenID_VERIFY_HOST is incomplete

[mbeerman]

ParanoidHTTPFetcher contains a couple of stanzas of:

    if (defined('Auth_OpenID_VERIFY_HOST')) {
        curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
    }

The trouble is, CURLOPT_SSL_VERIFYPEER = true by default for recent releases of curl [1], so this setting isn't actually doing anything. And getting VERIFYPEER to actually work properly has been extremely problematic for me [2], although that could be because I'm running on Windows. Anyway, it'd be very helpful if Auth_OpenID_VERIFY_HOST was a boolean, and when false it explictly set CURLOPT_SSL_VERIFYPEER = false.

[1] http://us2.php.net/manual/en/function.curl-setopt.php

[2] http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/