diff options
author | John Jawed (JJ) <jawed@php.net> | 2012-10-24 21:47:47 -0700 |
---|---|---|
committer | Anthony Ferrara <ircmaxell@gmail.com> | 2012-10-25 16:00:02 -0400 |
commit | f68f31f1211f4f3fe8c692269e916358110fa73d (patch) | |
tree | 724a8db65e210b38ea99961d40651d580bf266da | |
parent | 0737be7e7baf1fece1683ca9f33064733d8b3514 (diff) | |
download | php-git-f68f31f1211f4f3fe8c692269e916358110fa73d.tar.gz |
Notice if CURLOPT_SSL_VERIFYHOST is set to true
-rw-r--r-- | ext/curl/interface.c | 6 | ||||
-rw-r--r-- | ext/curl/tests/bug63363.phpt | 29 |
2 files changed, 34 insertions, 1 deletions
diff --git a/ext/curl/interface.c b/ext/curl/interface.c index d75e5c058b..00dbfd3d25 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@ -1683,6 +1683,11 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu CURLcode error=CURLE_OK; switch (option) { + /* Long options */ + case CURLOPT_SSL_VERIFYHOST: + if(Z_TYPE_PP(zvalue)==IS_BOOL && Z_BVAL_PP(zvalue)) { + php_error_docref(NULL TSRMLS_CC, E_NOTICE, "CURLOPT_SSL_VERIFYHOST set to true which disables common name validation (setting CURLOPT_SSL_VERIFYHOST to 2 enables common name validation)"); + } case CURLOPT_INFILESIZE: case CURLOPT_VERBOSE: case CURLOPT_HEADER: @@ -1721,7 +1726,6 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu #if LIBCURL_VERSION_NUM > 0x071002 case CURLOPT_CONNECTTIMEOUT_MS: #endif - case CURLOPT_SSL_VERIFYHOST: case CURLOPT_SSL_VERIFYPEER: case CURLOPT_DNS_USE_GLOBAL_CACHE: case CURLOPT_NOSIGNAL: diff --git a/ext/curl/tests/bug63363.phpt b/ext/curl/tests/bug63363.phpt new file mode 100644 index 0000000000..43deaa2346 --- /dev/null +++ b/ext/curl/tests/bug63363.phpt @@ -0,0 +1,29 @@ +--TEST-- +Bug #63363 (CURL silently accepts boolean value for SSL_VERIFYHOST) +--SKIPIF-- +<?php +if (!extension_loaded("curl")) { + exit("skip curl extension not loaded"); +} + +?> +--FILE-- +<?php +$ch = curl_init(); +var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false)); +/* Case that should throw an error */ +var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true)); +var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0)); +var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1)); +var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2)); + +curl_close($ch); +?> +--EXPECTF-- +bool(true) + +Notice: curl_setopt(): CURLOPT_SSL_VERIFYHOST set to true which disables common name validation (setting CURLOPT_SSL_VERIFYHOST to 2 enables common name validation) in %s on line %d +bool(true) +bool(true) +bool(true) +bool(true) |