You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jul 24, 2023. It is now read-only.
ParanoidHTTPFetcher contains a couple of stanzas of:
if (defined('Auth_OpenID_VERIFY_HOST')) {
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
}
The trouble is, CURLOPT_SSL_VERIFYPEER = true by default for recent releases of curl [1], so this setting isn't actually doing anything. And getting VERIFYPEER to actually work properly has been extremely problematic for me [2], although that could be because I'm running on Windows. Anyway, it'd be very helpful if Auth_OpenID_VERIFY_HOST was a boolean, and when false it explictly set CURLOPT_SSL_VERIFYPEER = false.
ParanoidHTTPFetcher contains a couple of stanzas of:
The trouble is, CURLOPT_SSL_VERIFYPEER = true by default for recent releases of curl [1], so this setting isn't actually doing anything. And getting VERIFYPEER to actually work properly has been extremely problematic for me [2], although that could be because I'm running on Windows. Anyway, it'd be very helpful if Auth_OpenID_VERIFY_HOST was a boolean, and when false it explictly set CURLOPT_SSL_VERIFYPEER = false.
[1] http://us2.php.net/manual/en/function.curl-setopt.php
[2] http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/
The text was updated successfully, but these errors were encountered: