php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #63352 Can't enable hostname validation when using curl stream wrappers
Submitted: 2012-10-25 00:54 UTC Modified: -
From: geissert@php.net Assigned:
Status: Closed Package: cURL related
PHP Version: 5.4.8 OS:
Private report: No CVE-ID: None
 [2012-10-25 00:54 UTC] geissert@php.net
Description:
------------
When PHP is built with --with-curlwrappers, the context option 
"curl_verify_ssl_host" sets curl's CURLOPT_SSL_VERIFYHOST option to 1, but there 
is no way to set it to 2.

Given that the option is a boolean, it should probably be setting the VERIFYHOST 
value to 2. There is no way to validate that the certificate belongs to the host 
otherwise.

This applies to the ftps and https stream wrappers.


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-10-25 00:58 UTC] geissert@php.net
Of course this is a minor issue as the certificates store can't even be set, so 
this is just for the record.
 [2012-12-22 00:44 UTC] pierrick@php.net
Automatic comment on behalf of pierrick
Revision: http://git.php.net/?p=php-src.git;a=commit;h=af10e698a24e0e624920ea4c4b72a2bc3c647cef
Log: Fixed bug #63352 (Can't enable hostname validation when using curl stream wrappers)
 [2012-12-22 00:44 UTC] pierrick@php.net
-Status: Open +Status: Closed
 [2013-01-12 16:39 UTC] derick@php.net
Automatic comment on behalf of pierrick
Revision: http://git.php.net/?p=php-src.git;a=commit;h=af10e698a24e0e624920ea4c4b72a2bc3c647cef
Log: Fixed bug #63352 (Can't enable hostname validation when using curl stream wrappers)
 [2014-10-07 23:20 UTC] stas@php.net
Automatic comment on behalf of pierrick
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=af10e698a24e0e624920ea4c4b72a2bc3c647cef
Log: Fixed bug #63352 (Can't enable hostname validation when using curl stream wrappers)
 [2014-10-07 23:31 UTC] stas@php.net
Automatic comment on behalf of pierrick
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=af10e698a24e0e624920ea4c4b72a2bc3c647cef
Log: Fixed bug #63352 (Can't enable hostname validation when using curl stream wrappers)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Dec 03 22:01:31 2024 UTC