search

yiisoft / yii2-httpclient

Yii 2 HTTP client
https://www.yiiframework.com
BSD 3-Clause "New" or "Revised" License
430 stars 157 forks source link

StreamTransport does not verify SSL certificates #222

Open cebe opened 1 year ago

cebe commented 1 year ago

What steps will reproduce the problem?

https://github.com/yiisoft/yii2-httpclient/blob/3fc9b07b413ddddc4f74822b58df9b18f639f6f0/src/StreamTransport.php#L41-L43

What's expected?

This value should be configurable via a property and the default should be true instead of false.

Additional info

Q A
Yii version not relevant
Yii HTTP Client version all
PHP version not relevant
Operating system all
schmunk42 commented 1 year ago

Do you mean a standalone property? Because isn't it configurable via options, see here?

I agree about the security implications, but it also might break several exisiting apps.

cebe commented 1 year ago

Because isn't it configurable via options, see here?

good point, did not notice it was configurable like that.

It is "only" a bad default then.

samdark commented 1 year ago

Yes, default should be adjusted. No need to add a dedicated property though.