Neither root certificate or TLS common-name from server are verified

registrobr / whmcs-registrobr-epp

WHMCS Registrar Module for interfacing to Registro.br EPP

GNU General Public License v3.0

41 stars 21 forks source link

Neither root certificate or TLS common-name from server are verified #58

Closed rubenskuhl closed 1 year ago

rubenskuhl commented 9 years ago

Ditto

rubenskuhl commented 9 years ago

When issue is solved, .br root.pem will need to be bundled.

rubenskuhl commented 8 years ago

This issue is likely part of the problem with PHP version 5.6 mentioned at issues #68 and #70, so what was once and enhancement is likely to be a requirement.

rubenskuhl commented 7 years ago

Confirmed that PHP 5.6 issues can be solved by deactivating peer checking, but this needs to be brought back so the connection can be verified using the root CA.

rubenskuhl commented 1 year ago

Commit f798b843ffae738c95074d03fbe9d9dab3c713e2 fixed this issue partially, by enabling verification of certificate common-name against DNS hostname. But to verify the CA this requires adding NIC.br EPP root to the local truststore and change verify-peer to true in RegistroEPP/RegistroEPP.class.php. This will be left as comment in the code .