php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77762 CURLOPT_SSL_VERIFYHOST should mention subjectaltname
Submitted: 2019-03-18 12:13 UTC Modified: -
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: hanno at hboeck dot de Assigned:
Status: Open Package: Documentation problem
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: hanno at hboeck dot de
New email:
PHP Version: OS:

 

 [2019-03-18 12:13 UTC] hanno at hboeck dot de
Description:
------------
Under
http://php.net/curl_setopt
the description of CURLOPT_SSL_VERIFYHOST reads
" 1 to check the existence of a common name in the SSL peer certificate. 2 to check the existence of a common name and also verify that it matches the hostname provided. 0 to not check the names. In production environments the value of this option should be kept at 2 (default value). "

The "common name" in a certificate is deprecated and the modern way of having hostnames in certificates is the subjectaltname. The correct description would therefore be that it checks for either the common name or the Subject Alternative Name. See also curl upstream docs:
https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html


Patches

Add a Patch

Pull Requests

Add a Pull Request

 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sat Dec 14 23:01:24 2019 UTC