tpay-com / tpay-php

MIT License

Curl security disabled? #33

Closed luigifab closed 2 years ago

luigifab commented 2 years ago

For \tpayLibs\src\_class_tpay\Curl\CurlOptions I don't understand these default settings:

I searched the whole tpay-php library; setVerifyHost, disableVerifyPeer and enableVerifyPeer are not called. So in a production environment, security is disabled?

piotrjozwiak commented 2 years ago

These options are disabled by default, but you can use the curl methods manually.

Take a look at the example \tpayLibs\examples\TransactionApiExample using \tpayLibs\src\_class_tpay\TransactionApi

If you overwrite the parent method \tpayLibs\src\_class_tpay\Utilities\ObjectsHelper::requests, you can initialize your own Curl instance, use the required setters and overwrite it like:

```php
public function requests($url, $params)
{
    $params['api_password'] = $this->trApiPass;
    // Own Curl instance with host and peer verification switched on.
    $this->curl = new Curl();
    $this->curl->setVerifyHost(1);
    $this->curl->enableVerifyPeer();

    return $this->curl->setRequestUrl($url)
        ->setPostData($params)
        ->enableJSONResponse()
        ->doRequest()
        ->getResult();
}
```

I know this is not the best solution, but this library does not provide any other options.

luigifab commented 2 years ago

Good idea, this works. Thanks.
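The search described in the first comment, as an added example (not part of the thread or of the tpay-php project): a small Python audit that flags PHP files which create a `Curl` object without switching verification on. The setter names are from the thread; matching on `new Curl(` and the three sample files are constructed assumptions.

```python
import re

# Setter names come from the thread. Treating `new Curl(` as the place a
# request object is created is an assumption of this example.
NEW_CURL = re.compile(r"\bnew\s+Curl\s*\(")
ENABLE_PEER = re.compile(r"->\s*enableVerifyPeer\s*\(")
DISABLE_PEER = re.compile(r"->\s*disableVerifyPeer\s*\(")
SET_HOST = re.compile(r"->\s*setVerifyHost\s*\(\s*([^)]*?)\s*\)")
OFF_VALUES = {"", "0", "false", "null"}


def strip_comments(php):
    """Drop /* */ and // comments so commented-out setters are not counted."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.S)
    return re.sub(r"(?m)(?<!:)//.*$", "", php)  # (?<!:) keeps https:// URLs


def audit(php):
    """Return findings for one PHP source string; an empty list means OK."""
    code = strip_comments(php)
    if not NEW_CURL.search(code):
        return []  # file creates no Curl object of its own
    findings = []
    if DISABLE_PEER.search(code):
        findings.append("peer verification explicitly disabled")
    elif not ENABLE_PEER.search(code):
        findings.append("peer verification left at default (disabled)")
    host_args = [m.group(1).lower() for m in SET_HOST.finditer(code)]
    if not host_args:
        findings.append("host verification left at default (disabled)")
    elif any(arg in OFF_VALUES for arg in host_args):
        findings.append("host verification explicitly disabled")
    return findings


# Constructed sample files: default use, the override from the thread,
# and a file whose enableVerifyPeer() call is commented out.
SAMPLES = {
    "default.php": "<?php $curl = new Curl(); $curl->setRequestUrl($url)->doRequest();",
    "override.php": "<?php\n$this->curl = new Curl();\n"
                    "$this->curl->setVerifyHost(1);\n$this->curl->enableVerifyPeer();\n",
    "commented.php": "<?php\n$curl = new Curl();\n"
                     "// $curl->enableVerifyPeer();\n$curl->setVerifyHost(0);\n",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(name, audit(src) or "ok")
```

The audit works per file and only checks that the setters are called somewhere in it; it does not verify how the library maps the `setVerifyHost` argument onto libcurl, which the thread does not show.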