Why set CURLOPT_SSL_VERIFYPEER to false?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support mbrsolution

    (@mbrsolution)

    Hi, the plugin developers will investigate further your question.

    Thank you

    Plugin Author mra13

    (@mra13)

    By default, the plugin uses the values that will work on MOST sites. It is really hard to set values that will fail on a lot of sites then try to teach each individual site owners that they should fix their system configuration (which most of them don’t understand).

    What we can do is add a parameter in the shortcode so you can control that field’s value using the shortcode (or a settings option).

    Thread Starter Jan Reilink

    (@janr)

    Hi @mra13, thank you for your reply and the best wishes for 2017.

    First of all, I certainly don’t want to dictate about what you should and shouldn’t do. But why implementing your own cURL functions instead of the WP HTTP API functions? WordPress ships a valid root certificates file since version 3.7 (source: https://wordpress.stackexchange.com/a/167947/27620 by Otto Wood).

    And by setting CURLOPT_SSL_VERIFYPEER => false you are basically breaking the trust SSL / TLS provides.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Why set CURLOPT_SSL_VERIFYPEER to false?’ is closed to new replies.

Tags