This repository has been archived by the owner on Mar 15, 2020. It is now read-only.

Empty context in humbug_get_contents #7

Open
waltertamboer opened this issue Dec 21, 2015 · 1 comment
For PHP versions >= 5.6 an empty context is passed to file_get_contents. See https://github.com/padraic/file_get_contents/blob/master/src/function.php#L29

Is this correct? Could you elaborate why CN_match is set for PHP versions less than 5.6 but peer_name is not set for >= 5.6? (ftr, CN_match is deprecated and peer_name should be used from 5.6+)

Thanks!

padraic (Collaborator) commented Jan 7, 2016

@waltertamboer It's a bit perverse on old PHP versions. In PHP less than 5.6, PHP performed zero verification unless you accurately configured all of the necessary elements just right. Not all of the "necessary" elements were even available - like support for matching Subject Alternative Names which is now commonplace.

With 5.6, the new peer_name is managed internally, without manual interference, parsed from the domain name of the given URL. The setup is effectively secure out of the box. CN_match is deprecated as of 5.6 as a result - the "CN" prefix would also be inaccurate since peer_name leverages the new SAN support.
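
The version split discussed in this thread, as an added example that is not part of the issue and is not code from padraic/file_get_contents. The function name `tls_context_options()`, the `$caFile` path and the sample URL are assumptions; the option keys are PHP's documented SSL context options.

```php
<?php
// Added illustration, not the library's own code.
// tls_context_options() and $caFile are hypothetical names.

function tls_context_options($url, $caFile, $phpVersionId = PHP_VERSION_ID)
{
    $host = parse_url($url, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        throw new InvalidArgumentException('URL has no host: ' . $url);
    }

    if ($phpVersionId >= 50600) {
        // 5.6+: verify_peer and verify_peer_name default to true, and
        // peer_name is guessed from the host used to open the stream
        // (matched against SAN entries). An empty option set keeps
        // verification on.
        return array('ssl' => array());
    }

    // < 5.6: nothing is verified unless each option is set by hand.
    return array('ssl' => array(
        'verify_peer'         => true,
        'cafile'              => $caFile,
        'verify_depth'        => 7,
        'CN_match'            => $host, // Common Name only, no SAN matching
        'SNI_enabled'         => true,
        'SNI_server_name'     => $host,
        'disable_compression' => true,
    ));
}

// Constructed inputs: show what each branch would pass to stream_context_create().
$url = 'https://example.org/releases/latest.json';
foreach (array(50500, 50600) as $versionId) {
    $options = tls_context_options($url, '/path/to/ca-bundle.pem', $versionId);
    echo $versionId, ': ', json_encode($options), "\n";
}

// Use on the running interpreter:
// $ctx  = stream_context_create(tls_context_options($url, $caFile));
// $body = file_get_contents($url, false, $ctx);
```

On 5.6+ the thing to check in review is that no caller passes `'verify_peer' => false` or `'verify_peer_name' => false`, since those are the settings that turn the defaults off.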
