yii2-httpclient icon indicating copy to clipboard operation
yii2-httpclient copied to clipboard
verified publisher icon yiisoft

StreamTransport does not verify SSL certificates

Open cebe opened this issue 3 years ago • 3 comments

What steps will reproduce the problem?

https://github.com/yiisoft/yii2-httpclient/blob/3fc9b07b413ddddc4f74822b58df9b18f639f6f0/src/StreamTransport.php#L41-L43

What's expected?

This value should be configurable via a property and the default should be true instead of false.

Additional info

Q A
Yii version not relevant
Yii HTTP Client version all
PHP version not relevant
Operating system all

cebe avatar Nov 08 '22 07:11 cebe

Do you mean a standalone property? Because isn't it configurable via options, see here?

I agree about the security implications, but it also might break several exisiting apps.

schmunk42 avatar Nov 08 '22 10:11 schmunk42

Because isn't it configurable via options, see here?

good point, did not notice it was configurable like that.

It is "only" a bad default then.

cebe avatar Nov 09 '22 14:11 cebe

Yes, default should be adjusted. No need to add a dedicated property though.

samdark avatar Nov 13 '22 19:11 samdark