1.2.1059. Safe Curl Options

It is advised to always use CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST when requesting a SSL connection.

With those tests, the certificate is verified, and if it isn’t valid, the connection fails : this is a safe behavior.

<?php
$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, https://www.php.net/);

// To be safe, always set this to true
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);

curl_exec($ch);
curl_close($ch);
?>

See also Don’t turn off CURLOPT_SSL_VERIFYPEER, fix your PHP configuration, Certainty: Automated CACert.pem Management for PHP Software and Server-Side HTTPS Requests.

1.2.1059.1. Connex PHP features

• curl

• ssl

• https

1.2.1059.1.1. Suggestions

• Always use CURLOPT_SSL_VERIFYPEER and HTTPS for communication with other servers

1.2.1059.1.2. Specs

Short name	Security/CurlOptions
Rulesets	All, Changed Behavior, Security
Exakat since	0.8.4
PHP Version	All
Severity	Major
Time To Fix	Quick (30 mins)
Precision	High
Examples	OpenConf
Available in	Entreprise Edition, Exakat Cloud