php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77762 CURLOPT_SSL_VERIFYHOST should mention subjectaltname
Submitted: 2019-03-18 12:13 UTC Modified: 2021-07-16 15:12 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: hanno at hboeck dot de Assigned:
Status: Closed Package: Documentation problem
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
 [2019-03-18 12:13 UTC] hanno at hboeck dot de
Description:
------------
Under
http://php.net/curl_setopt
the description of CURLOPT_SSL_VERIFYHOST reads
" 1 to check the existence of a common name in the SSL peer certificate. 2 to check the existence of a common name and also verify that it matches the hostname provided. 0 to not check the names. In production environments the value of this option should be kept at 2 (default value). "

The "common name" in a certificate is deprecated and the modern way of having hostnames in certificates is the subjectaltname. The correct description would therefore be that it checks for either the common name or the Subject Alternative Name. See also curl upstream docs:
https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-07-16 15:12 UTC] cmb@php.net
-Status: Open +Status: Verified
 [2021-07-16 15:15 UTC] git@php.net
Automatic comment on behalf of cmb69
Revision: https://github.com/php/doc-en/commit/59e1af19dd3d3bac54ee03b0584ba18368693c01
Log: Fix #77762: CURLOPT_SSL_VERIFYHOST should mention subjectaltname
 [2021-07-16 15:15 UTC] git@php.net
-Status: Verified +Status: Closed
 [2021-07-17 00:57 UTC] git@php.net
Automatic comment on behalf of mumumu
Revision: https://github.com/php/doc-ja/commit/0d1812a76e0c7e67e8c3fa80368d25c0fb7deb2b
Log: Fix #77762: CURLOPT_SSL_VERIFYHOST should mention subjectaltname
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Nov 01 01:01:28 2024 UTC