Description:
------------
The CURL option SSL_VERIFYHOST accepts a long value to indicate the verification 
that should be applied. The following values are valid:

0 - No verification
1 - Check a host is present in cert
2 - Check cert's host matches request's host

The problem is that a boolean true is cast to a long 1. Therefore, code that 
does the following:

curl_setopt($c, CURLOPT_SSL_VERIFYHOST, true)

appears to be verifying the host. However, it's actually not.

This can create security issues that are very hard to find by reading code.



Test script:
---------------
<?php

$c = curl_init();
curl_setopt($c, CURLOPT_SSL_VERIFYHOST, true);


Expected result:
----------------
The option is set to verify the host.

Actual result:
--------------
The option is set to 1, which does not verify the host.