Skip to content

Avoid disabling SSL certificate verification#1

Open
ashokak wants to merge 5 commits into
jboesch:masterfrom
ashokak:patch-1
Open

Avoid disabling SSL certificate verification#1
ashokak wants to merge 5 commits into
jboesch:masterfrom
ashokak:patch-1

Conversation

@ashokak

@ashokak ashokak commented Apr 23, 2012

Copy link
Copy Markdown

Since 7.10, curl will verify the certificate by default.
Users who get certificate errors should check their curl installation/configuration, and fix that, rather than connecting to anyone claiming to be FreshBooks.

(Thanks for the handy library; hope this is a useful change.)

@ashokak
Avoid disabling SSL certificate verification.
43d5f42 
Since 7.10, curl will verify the certificate by default.
Users who get certificate errors should check their curl installation/configuration, and fix that, rather than connecting to anyone claiming to be FreshBooks.
@jboesch

jboesch commented Apr 23, 2012

Copy link
Copy Markdown
Owner

I don't want it to check a certificate by default. I don't think most people will have this.
If you're going to make a change like this, I would rather it be configurable. Like, have it like you do by default. But if the user chooses, they can set SSL_VERIFYPEER to false.

Maybe a 3rd param to init that allows you to specify options.

$options = array(
'ssl' => false
);
FreshBooksRequest::init($domain, $token, $options);

@ashokak

ashokak commented Apr 24, 2012

Copy link
Copy Markdown
Author

Understandable.

How about this. Same secure-by-default behaviour, but instead of a bag of options to init(), an explicit method to disable the verification?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ashokak @jboesch