final public function Client::setSslVerification

Set SSL verification options.

Setting $certificateAuthority to TRUE will result in the bundled cacert.pem being used to verify against the remote host.

Alternate certificates to verify against can be specified with the $certificateAuthority option set to a certificate file location to be used with CURLOPT_CAINFO, or a certificate directory path to be used with the CURLOPT_CAPATH option.

Setting $certificateAuthority to FALSE will turn off peer verification, unset the bundled cacert.pem, and disable host verification. Please don't do this unless you really know what you're doing, and why you're doing it.

Parameters

string|bool $certificateAuthority bool, file path, or directory path:

bool $verifyPeer FALSE to stop cURL from verifying the peer's certificate.:

int $verifyHost Set the cURL handle's CURLOPT_SSL_VERIFYHOST option:

Return value

ClientInterface

Overrides ClientInterface::setSslVerification

1 call to Client::setSslVerification()
Client::__construct in drupal/core/vendor/guzzle/http/Guzzle/Http/Client.php
Client constructor

File

drupal/core/vendor/guzzle/http/Guzzle/Http/Client.php, line 124

Class

Client
HTTP client

Namespace

Guzzle\Http

Code

public final function setSslVerification($certificateAuthority = true, $verifyPeer = true, $verifyHost = 2) {
  $opts = $this->config
    ->get(self::CURL_OPTIONS) ?: array();
  if ($certificateAuthority === true) {

    // use bundled CA bundle, set secure defaults
    $opts[CURLOPT_CAINFO] = __DIR__ . '/Resources/cacert.pem';
    $opts[CURLOPT_SSL_VERIFYPEER] = true;
    $opts[CURLOPT_SSL_VERIFYHOST] = 2;
  }
  elseif ($certificateAuthority === false) {
    unset($opts[CURLOPT_CAINFO]);
    $opts[CURLOPT_SSL_VERIFYPEER] = false;
    $opts[CURLOPT_SSL_VERIFYHOST] = 1;
  }
  elseif ($verifyPeer !== true && $verifyPeer !== false && $verifyPeer !== 1 && $verifyPeer !== 0) {
    throw new InvalidArgumentException('verifyPeer must be 1, 0 or boolean');
  }
  elseif ($verifyHost !== 0 && $verifyHost !== 1 && $verifyHost !== 2) {
    throw new InvalidArgumentException('verifyHost must be 0, 1 or 2');
  }
  else {
    $opts[CURLOPT_SSL_VERIFYPEER] = $verifyPeer;
    $opts[CURLOPT_SSL_VERIFYHOST] = $verifyHost;
    if (is_file($certificateAuthority)) {
      unset($opts[CURLOPT_CAPATH]);
      $opts[CURLOPT_CAINFO] = $certificateAuthority;
    }
    elseif (is_dir($certificateAuthority)) {
      unset($opts[CURLOPT_CAINFO]);
      $opts[CURLOPT_CAPATH] = $certificateAuthority;
    }
  }
  $this->config
    ->set(self::CURL_OPTIONS, $opts);
  return $this;
}