Skip SSL verification
thekid opened this issue · 1 comments
thekid commented
Currently only possible via:
index 6cd14dc..b732637 100644
--- a/src/main/php/peer/http/SSLSocketHttpTransport.class.php
+++ b/src/main/php/peer/http/SSLSocketHttpTransport.class.php
@@ -21,11 +21,14 @@ class SSLSocketHttpTransport extends SocketHttpTransport {
*/
protected function newSocket(\peer\URL $url, $arg) {
if ('tls' === $arg) {
- return new TLSSocket($url->getHost(), $url->getPort(443), null);
+ $s= new TLSSocket($url->getHost(), $url->getPort(443), null);
} else {
sscanf($arg, 'v%d', $version);
- return new SSLSocket($url->getHost(), $url->getPort(443), null, $version);
+ $s= new SSLSocket($url->getHost(), $url->getPort(443), null, $version);
}
+ $s->setVerifyPeer(false);
+ $s->setAllowSelfSigned(false);
+ return $s;
}
(plus a couple more tweeks for proxy setups)
Especially for testing against self-signed certificates, this can be tedious. Maybe passing https+unverified://example.com/
can make this easier but not compromise default security
/cc @kiesel
kiesel commented
👍 for this - for development this is often necessary.