search

dan-coulter / phpflickr

PHP Wrapper for the Flickr API
GNU General Public License v2.0
207 stars 128 forks source link

SSL #5

Closed nivklein closed 10 years ago

nivklein commented 10 years ago

Should add curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); To CURL calls

dan-coulter commented 10 years ago

I don't feel comfortable setting this to false. It means someone could attack your install by poisoning your DNS. It works with it set to true on my server.

It's probably OK for your use, but I don't feel good giving that code to everyone.

alerque commented 10 years ago

Good call here, distributed software should never set a flag like that without really good reason (of which there are few to none). @nivklein You should probably review why you need a flag like that on your system. You are probably missing an install of root CA certs or something on your system. Fixing the cause instead of the symptom would make your system(s) safer.

nivklein commented 10 years ago

Hi All, I'm using phpflickr for some study related project. I was working on it and the responses came back were malformed, and I fixed it by using this flag.

Currently I'm at work and I will not have time to look deeper into it in the next couple of days. I remember something related to Flickr's SSL restrictions, so I thought that was a general problem.

I understand now, according to you answers that this is probably something related to my machine and configuration. (which is now Apache on Windows...) Of course I agree with the striving to get to the source, and not just taking care of the symptoms!

I look into it once i have some time and will let you know if I get to anything interesting.

Anyway - thanks for supporting and thanks for the great code !

Best! Niv

On Mon, May 19, 2014 at 11:22 AM, Caleb Maclennan notifications@github.comwrote:

Good call here, distributed software should never set a flag like that without really good reason (of which there are few to none). @nivkleinhttps://github.com/nivkleinYou should probably review why you need a flag like that on your system. You are probably missing an install of root CA certs or something on your system. Fixing the cause instead of the symptom would make your system(s) safer.

— Reply to this email directly or view it on GitHubhttps://github.com/dan-coulter/phpflickr/issues/5#issuecomment-43476550 .