php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #63352 Can't enable hostname validation when using curl stream wrappers
Submitted: 2012-10-25 00:54 UTC Modified: -
From: geissert@php.net Assigned:
Status: Closed Package: cURL related
PHP Version: 5.4.8 OS:
Private report: No CVE-ID: None
 [2012-10-25 00:54 UTC] geissert@php.net
Description:
------------
When PHP is built with --with-curlwrappers, the context option 
"curl_verify_ssl_host" sets curl's CURLOPT_SSL_VERIFYHOST option to 1, but there 
is no way to set it to 2.

Given that the option is a boolean, it should probably be setting the VERIFYHOST 
value to 2. There is no way to validate that the certificate belongs to the host 
otherwise.

This applies to the ftps and https stream wrappers.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-10-25 00:58 UTC] geissert@php.net
Of course this is a minor issue as the certificates store can't even be set, so 
this is just for the record.
 [2012-12-22 00:44 UTC] pierrick@php.net
Automatic comment on behalf of pierrick
Revision: http://git.php.net/?p=php-src.git;a=commit;h=af10e698a24e0e624920ea4c4b72a2bc3c647cef
Log: Fixed bug #63352 (Can't enable hostname validation when using curl stream wrappers)
 [2012-12-22 00:44 UTC] pierrick@php.net
-Status: Open +Status: Closed
 [2013-01-12 16:39 UTC] derick@php.net
Automatic comment on behalf of pierrick
Revision: http://git.php.net/?p=php-src.git;a=commit;h=af10e698a24e0e624920ea4c4b72a2bc3c647cef
Log: Fixed bug #63352 (Can't enable hostname validation when using curl stream wrappers)
 [2014-10-07 23:20 UTC] stas@php.net
Automatic comment on behalf of pierrick
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=af10e698a24e0e624920ea4c4b72a2bc3c647cef
Log: Fixed bug #63352 (Can't enable hostname validation when using curl stream wrappers)
 [2014-10-07 23:31 UTC] stas@php.net
Automatic comment on behalf of pierrick
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=af10e698a24e0e624920ea4c4b72a2bc3c647cef
Log: Fixed bug #63352 (Can't enable hostname validation when using curl stream wrappers)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 02:01:28 2024 UTC