Enable certification checking per default

[adrium]

Enable certification checking should be enabled by default. Please note:

• CURLOPT_SSL_VERIFYPEER

  WARNING: disabling verification of the certificate allows bad guys to man-in-the-middle the communication without you knowing it. Disabling verification makes the communication insecure.

  -- https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html

• CURLOPT_SSL_VERIFYHOST

  When the verify value is 0, the connection succeeds regardless of the names in the certificate. Use that ability with caution!

  -- https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html

  In production environments the value of this option should be kept at 2 (default value).

  -- http://php.net/manual/en/function.curl-setopt.php

Users of this library should not be exposed to insecure behaviour. Since this library is published on Packagist with some popularity (> 100), I decided to write a pull request.

If necessary, the certificate checks could be disabled by the user by setting the connection options.

[vyuldashev]

Hi! Good point, but your PR just changes default values and does not give option to change these values.

[adrium]

Hi, I have never used this library and I do not intend to in the near future. I use another library for implicit FTPS. It also used insecure settings, see vendi-advertising/ftp_implicit_ssl#1.

your PR just changes default values and does not give option to change these values.

I rather just wanted to let you know, that the options in your library expose the users to insecure behaviour and I thinking fixing this should be high priority.

And maybe you already have an idea and would want to implement this in your own code style? Moreover, I thought it could be possible by doing something like:

$adapter->getConnection()->setOptions($options);

[vyuldashev]

Released v2.0.0 with secure options by default which can be changed. Credits @simoheinonen