Open timint opened 3 years ago
Isn't it a security risk to disable SSL peer verifying? As we are making money transactions I think this one is critical. This allows for man in the middle attacks.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
https://github.com/sveawebpay/php-integration/blob/master/src/HostedService/HostedRequest.php#L61
Isn't it a security risk to disable SSL peer verifying? As we are making money transactions I think this one is critical. This allows for man in the middle attacks.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);https://github.com/sveawebpay/php-integration/blob/master/src/HostedService/HostedRequest.php#L61