Open zanerock opened 9 years ago
zanerock
commented
9 years ago After looking into it more, the curl backed method will verify the HTTPS certs if properly configured, in which case the solution might be to conditionally or at least optionally enable the HTTPS checks for curl. Still, might be simpler to remove curl dependency (?).
zuk
commented
9 years ago Sounds good to me. Pest is not getting the love it needs lately. Would you be interested in jumping on as a maintainer/contributor?
zanerock
commented
9 years ago Yes, I would. I'm integrating pest in a number of projects.
zuk
commented
9 years ago Okay you should now have full access to the Pest repo. https://github.com/djsipe is the other maintainer, but I don't think he's been too active lately. Judging from your comments, it sounds like you know what you're doing so I'll leave it to your judgement to decide what changes to push without breaking things for everyone else who uses the library.
On Sat, Feb 28, 2015 at 12:13 PM, Zane Rockenbaugh <notifications@github.com
wrote:
Yes, I would.
— Reply to this email directly or view it on GitHub https://github.com/educoder/pest/issues/62#issuecomment-76535069.
It seems possible to rewrite (something I'd be happy to contribute to) to use PHP streams rather than rely on curl for the HTTP requests. This has the advantage of actually using (rather than ignoring) HTTPS host verification. Also, it seems to me that vanilla Composer (which Pest supports) is incompatible with curl systems. At least on my setup, if PHP is compiled with curl, (the latest?) composer either fails to install (if
--with-curl-wrappersincluded) or fails at runtime (if 'wrappers' left out, but--with-curlleft in).