CURL >= 7.28.0 no longer support value 1 for CURLOPT_SSL_VERIFYHOST)

Fixed bug #63795

3 files changed, 78 insertions, 1 deletions

diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index 7b72873038..9ac89c5ff1 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -1679,6 +1679,16 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
 	CURLcode     error=CURLE_OK;
 
 	switch (option) {
+		case CURLOPT_SSL_VERIFYHOST:
+			if(Z_BVAL_PP(zvalue) == 1) {
+#if LIBCURL_VERSION_NUM <= 0x071c00 /* 7.28.0 */
+				php_error_docref(NULL TSRMLS_CC, E_NOTICE, "CURLOPT_SSL_VERIFYHOST with value 1 is deprecated and will be removed as of libcurl 7.28.1. It is recommended to use value 2 instead");
+#else
+				php_error_docref(NULL TSRMLS_CC, E_NOTICE, "CURLOPT_SSL_VERIFYHOST no longer accepts the value 1, value 2 will be used instead");
+				error = curl_easy_setopt(ch->cp, option, 2);
+				break;
+#endif
+			}
 		case CURLOPT_INFILESIZE:
 		case CURLOPT_VERBOSE:
 		case CURLOPT_HEADER:
@@ -1717,7 +1727,6 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
 #if LIBCURL_VERSION_NUM > 0x071002
 		case CURLOPT_CONNECTTIMEOUT_MS:
 #endif
-		case CURLOPT_SSL_VERIFYHOST:
 		case CURLOPT_SSL_VERIFYPEER:
 		case CURLOPT_DNS_USE_GLOBAL_CACHE:
 		case CURLOPT_NOSIGNAL:
diff --git a/ext/curl/tests/bug63363.phpt b/ext/curl/tests/bug63363.phpt
new file mode 100644
index 0000000000..36abc5e0ae
--- /dev/null
+++ b/ext/curl/tests/bug63363.phpt
@@ -0,0 +1,34 @@
+--TEST--
+Bug #63363 (CURL silently accepts boolean value for SSL_VERIFYHOST)
+--SKIPIF--
+<?php
+if (!extension_loaded("curl")) {
+        exit("skip curl extension not loaded");
+}
+$curl_version = curl_version();
+if ($curl_version['version_number'] >= 0x071c01) {
+        exit("skip: test valid for libcurl < 7.28.1");
+}
+?>
+--FILE--
+<?php
+$ch = curl_init();
+var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false));
+/* Case that should throw an error */
+var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true));
+var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0));
+var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1));
+var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2));
+
+curl_close($ch);
+?>
+--EXPECTF--
+bool(true)
+
+Notice: curl_setopt(): CURLOPT_SSL_VERIFYHOST with value 1 is deprecated and will be removed as of libcurl 7.28.1. It is recommended to use value 2 instead in %s on line %d
+bool(true)
+bool(true)
+
+Notice: curl_setopt(): CURLOPT_SSL_VERIFYHOST with value 1 is deprecated and will be removed as of libcurl 7.28.1. It is recommended to use value 2 instead in %s on line %d
+bool(true)
+bool(true)
diff --git a/ext/curl/tests/bug63795.phpt b/ext/curl/tests/bug63795.phpt
new file mode 100644
index 0000000000..798faa68f9
--- /dev/null
+++ b/ext/curl/tests/bug63795.phpt
@@ -0,0 +1,34 @@
+--TEST--
+Bug #63795 (CURL >= 7.28.0 no longer support value 1 for CURLOPT_SSL_VERIFYHOST)
+--SKIPIF--
+<?php
+if (!extension_loaded("curl")) {
+        exit("skip curl extension not loaded");
+}
+$curl_version = curl_version();
+if ($curl_version['version_number'] < 0x071c01) {
+        exit("skip: test valid for libcurl >= 7.28.1");
+}
+?>
+--FILE--
+<?php
+$ch = curl_init();
+var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false));
+/* Case that should throw an error */
+var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true));
+var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0));
+var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1));
+var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2));
+
+curl_close($ch);
+?>
+--EXPECTF--
+bool(true)
+
+Notice: curl_setopt(): CURLOPT_SSL_VERIFYHOST no longer accepts the value 1, value 2 will be used instead in %s on line %d
+bool(true)
+bool(true)
+
+Notice: curl_setopt(): CURLOPT_SSL_VERIFYHOST no longer accepts the value 1, value 2 will be used instead in %s on line %d
+bool(true)
+bool(true)