Merge pull request #22 from simoheinonen/cert_checks

Cert checks
vyuldashev · Oct 15, 2018 · a264be7 · a264be7
2 parents a0ff89f + 592feb3
commit a264be7
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -34,6 +34,8 @@ $adapter = new CurlFtpAdapter([
   'utf8' => true,
   'ssl' => true,
   'timeout' => 90,		// connect timeout
+  'sslVerifyPeer' => 0, // using 0 is insecure, use it only if you know what you're doing
+  'sslVerifyHost' => 0, // using 0 is insecure, use it only if you know what you're doing
 
   /** proxy settings */
   'proxyHost' => 'proxy-server.example.com',

diff --git a/src/CurlFtpAdapter.php b/src/CurlFtpAdapter.php
@@ -20,6 +20,8 @@ class CurlFtpAdapter extends AbstractFtpAdapter
         'password',
         'root',
         'ssl',
+        'sslVerifyPeer',
+        'sslVerifyHost',
         'utf8',
         'timeout',
         'proxyHost',
@@ -37,6 +39,12 @@ class CurlFtpAdapter extends AbstractFtpAdapter
     /** @var bool */
     protected $isPureFtpd;
 
+    /** @var @int */
+    protected $sslVerifyPeer = 1;
+
+    /** @var @int */
+    protected $sslVerifyHost = 2;
+
     /** @var bool */
     protected $utf8 = false;
 
@@ -60,6 +68,22 @@ public function setSsl($ssl)
         $this->ssl = (bool) $ssl;
     }
 
+    /**
+     * @param int $sslVerifyPeer
+     */
+    public function setSslVerifyPeer($sslVerifyPeer)
+    {
+        $this->sslVerifyPeer = $sslVerifyPeer;
+    }
+
+    /**
+     * @param int $sslVerifyHost
+     */
+    public function setSslVerifyHost($sslVerifyHost)
+    {
+        $this->sslVerifyHost = $sslVerifyHost;
+    }
+
     /**
      * @param bool $utf8
      */
@@ -141,8 +165,6 @@ public function connect()
         $this->connection->setOptions([
             CURLOPT_URL => $this->getBaseUri(),
             CURLOPT_USERPWD => $this->getUsername().':'.$this->getPassword(),
-            CURLOPT_SSL_VERIFYPEER => false,
-            CURLOPT_SSL_VERIFYHOST => false,
             CURLOPT_FTPSSLAUTH => CURLFTPAUTH_TLS,
             CURLOPT_RETURNTRANSFER => true,
             CURLOPT_CONNECTTIMEOUT => $this->getTimeout(),
@@ -152,6 +174,9 @@ public function connect()
             $this->connection->setOption(CURLOPT_FTP_SSL, CURLFTPSSL_ALL);
         }
 
+        $this->connection->setOption(CURLOPT_SSL_VERIFYHOST, $this->sslVerifyHost);
+        $this->connection->setOption(CURLOPT_SSL_VERIFYPEER, $this->sslVerifyPeer);
+
         if ($proxyUrl = $this->getProxyHost()) {
             $proxyPort = $this->getProxyPort();
             $this->connection->setOption(CURLOPT_PROXY, $proxyPort ? $proxyUrl.':'.$proxyPort : $proxyUrl);