refactor: verify SSL peer and host when using client certificates

Author: mvdhoek1

src/PrefillGravityForms/Controllers/BaseController.php

@@ -311,8 +311,10 @@ protected function handleCurl(array $args, string $transientKey): array
                 curl_setopt($curl, CURLOPT_SSLKEYPASSWD, $this->settings->getPassphrase());
             }
 
-            curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, $this->settings->getSupplierCertificate() ? true : false);
-            curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, $this->settings->getSupplierCertificate() ? 2 : 0);
+            $shouldVerifyPeerHost = $this->shouldVerifyPeerHost();
+
+            curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, $shouldVerifyPeerHost);
+            curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, $shouldVerifyPeerHost ? 2 : 0);
             curl_setopt($curl, CURLOPT_TIMEOUT, $this->timeoutOptionCURL());
 
             $output = curl_exec($curl);
@@ -346,6 +348,15 @@ protected function handleCurl(array $args, string $transientKey): array
         }
     }
 
+    /**
+     * Verification of the peer's SSL certificate and host is only necessary when
+     * SSL certificates are used and a supplier certificate is provided.
+     */
+    private function shouldVerifyPeerHost(): bool
+    {
+        return $this->settings->useSSLCertificates() && $this->settings->getSupplierCertificate();
+    }
+
     /**
      * Extracts the burgerservicenummer (BSN) from the API response.
      */