From 78888e26716cad65e8e9df11226384f5661cf657 Mon Sep 17 00:00:00 2001
From: Antonio Ospite <ao2@ao2.it>
Date: Wed, 3 Jun 2020 22:15:49 +0200
Subject: [PATCH] src/Tweeper.php: do not disable CURLOPT_SSL_VERIFYHOST and
 CURLOPT_SSL_VERIFYPEER

Do not disable CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER to
actually enforce certificate verification on TLS connections.

This was a relic of some early experimental code and should have not
made it to the stable release.

Moreover the value passed to CURLOPT_SSL_VERIFYHOST was also of the
wrong type, it should have been an integer rather than a boolean.
---
 src/Tweeper.php | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/src/Tweeper.php b/src/Tweeper.php
index aedde4d..7e277cf 100644
--- a/src/Tweeper.php
+++ b/src/Tweeper.php
@@ -123,8 +123,6 @@ class Tweeper {
       CURLOPT_FOLLOWLOCATION => TRUE,
       CURLOPT_COOKIEFILE => "",
       CURLOPT_RETURNTRANSFER => TRUE,
-      CURLOPT_SSL_VERIFYHOST => FALSE,
-      CURLOPT_SSL_VERIFYPEER => FALSE,
       CURLOPT_HTTPHEADER => array('Accept-language: en'),
       CURLOPT_USERAGENT => Tweeper::$userAgent,
     ));
@@ -146,8 +144,6 @@ class Tweeper {
       // Follow http redirects to get the real URL.
       CURLOPT_FOLLOWLOCATION => TRUE,
       CURLOPT_RETURNTRANSFER => TRUE,
-      CURLOPT_SSL_VERIFYHOST => FALSE,
-      CURLOPT_SSL_VERIFYPEER => FALSE,
       CURLOPT_USERAGENT => Tweeper::$userAgent,
     ));
 
-- 
2.1.4