search

nategood / httpful

A Chainable, REST Friendly, PHP HTTP Client. A sane alternative to cURL.
MIT License
1.74k stars 299 forks source link

strict_ssl is false by default #247

Open Klaasvaak opened 7 years ago

Klaasvaak commented 7 years ago

I found this here: https://github.com/nategood/httpful/blob/fc8e4274a09529a6ff29b9c6c0a105ee43dbfda5/src/Httpful/Request.php#L35

It looks like it will not verify tls by default, is that true? If so, shouldn't the strict_ssl value be true by default?

It also forces the withoutStrictSSL in _initializeDefaults here: https://github.com/nategood/httpful/blob/fc8e4274a09529a6ff29b9c6c0a105ee43dbfda5/src/Httpful/Request.php#L767

rvanlaak commented 7 years ago

What about strict peer verification? http://php.net/manual/en/migration56.incompatible.php#migration56.incompatible.peer-verification