From: Antonio Ospite Date: Wed, 3 Jun 2020 20:15:49 +0000 (+0200) Subject: src/Tweeper.php: do not disable CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER X-Git-Tag: v1.4.2~9 X-Git-Url: https://git.ao2.it/tweeper.git/commitdiff_plain/78888e26716cad65e8e9df11226384f5661cf657?ds=sidebyside;hp=da4568f5a2d24e0933d44b16b5ef180095c42dab src/Tweeper.php: do not disable CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER Do not disable CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER to actually enforce certificate verification on TLS connections. This was a relic of some early experimental code and should have not made it to the stable release. Moreover the value passed to CURLOPT_SSL_VERIFYHOST was also of the wrong type, it should have been an integer rather than a boolean. --- diff --git a/src/Tweeper.php b/src/Tweeper.php index aedde4d..7e277cf 100644 --- a/src/Tweeper.php +++ b/src/Tweeper.php @@ -123,8 +123,6 @@ class Tweeper { CURLOPT_FOLLOWLOCATION => TRUE, CURLOPT_COOKIEFILE => "", CURLOPT_RETURNTRANSFER => TRUE, - CURLOPT_SSL_VERIFYHOST => FALSE, - CURLOPT_SSL_VERIFYPEER => FALSE, CURLOPT_HTTPHEADER => array('Accept-language: en'), CURLOPT_USERAGENT => Tweeper::$userAgent, )); @@ -146,8 +144,6 @@ class Tweeper { // Follow http redirects to get the real URL. CURLOPT_FOLLOWLOCATION => TRUE, CURLOPT_RETURNTRANSFER => TRUE, - CURLOPT_SSL_VERIFYHOST => FALSE, - CURLOPT_SSL_VERIFYPEER => FALSE, CURLOPT_USERAGENT => Tweeper::$userAgent, ));