3 files changed, 27 insertions, 1 deletions
diff --git a/doc/source/config.rst b/doc/source/config.rst
index e209ecb..d89d7f5 100644
--- a/doc/source/config.rst
+++ b/doc/source/config.rst
@@ -202,6 +202,17 @@ to explicitly whitelist some `stream wrappers <https://secure.php.net/manual/en/
  sp.wrappers_whitelist.list("file,php,phar");
+Mandatory certificates validation
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+:ref:`Mandatory certificate validation <mandatory-cert-validation>` ensures
+that it's not possible to turn off certificate validation for `cURL usage <https://secure.php.net/manual/en/book.curl.php>`__.
+::
+  sp.curl_verify_certificates.enable();
 Eval white and blacklist
 ^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/doc/source/encryption.rst b/doc/source/encryption.rst
index dc5dadf..23f36b4 100644
--- a/doc/source/encryption.rst
+++ b/doc/source/encryption.rst
@@ -4,7 +4,7 @@ Cookies
 =======
 Some cookies-related features might prevent other extensions from hooking
-the `setcookie<https://secure.php.net/manual/en/function.setcookie.php>`__
+the `setcookie <https://secure.php.net/manual/en/function.setcookie.php>`__
 function. Pay attention to the loading order of your extensions in this case.
 auto_cookie_secure
diff --git a/doc/source/features.rst b/doc/source/features.rst
index 540e982..f676468 100644
--- a/doc/source/features.rst
+++ b/doc/source/features.rst
@@ -344,6 +344,21 @@ Snuffleupagus can prevent the execution of this kind of file. A good practice
 would be to use a different user to run PHP than for administrating the website,
 and using this feature to lock this up.
+.. _mandatory-cert-validation:
+Mandatory certificates validation
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+It's a common practise to disable `certificate validation <https://en.wikipedia.org/wiki/Transport_Layer_Security>`__
+during development for convenience's sake. Unfortunately, it's equally common
+to forget to turn it back on.
+Snuffleupagus can prevent php code from turning off certificate validation
+for anything `cURL <https://secure.php.net/manual/en/book.curl.php>`__-based.
 .. _stream-wrapper-whitelist-feature:
 Whitelist of stream-wrappers

diff --git a/doc/source/config.rst b/doc/source/config.rst index e209ecb..d89d7f5 100644 --- a/doc/source/config.rst +++ b/doc/source/config.rst
@@ -202,6 +202,17 @@ to explicitly whitelist some `stream wrappers <https://secure.php.net/manual/en/
202	sp.wrappers_whitelist.list("file,php,phar");	202	sp.wrappers_whitelist.list("file,php,phar");
203		203
204		204
		205	Mandatory certificates validation
		206	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
		207
		208	:ref:`Mandatory certificate validation <mandatory-cert-validation>` ensures
		209	that it's not possible to turn off certificate validation for `cURL usage <https://secure.php.net/manual/en/book.curl.php>`__.
		210
		211	::
		212
		213	sp.curl_verify_certificates.enable();
		214
		215
205	Eval white and blacklist	216	Eval white and blacklist
206	^^^^^^^^^^^^^^^^^^^^^^^^	217	^^^^^^^^^^^^^^^^^^^^^^^^
207		218


diff --git a/doc/source/encryption.rst b/doc/source/encryption.rst index dc5dadf..23f36b4 100644 --- a/doc/source/encryption.rst +++ b/doc/source/encryption.rst
@@ -4,7 +4,7 @@ Cookies
4	=======	4	=======
5		5
6	Some cookies-related features might prevent other extensions from hooking	6	Some cookies-related features might prevent other extensions from hooking
7	the `setcookie<https://secure.php.net/manual/en/function.setcookie.php>`__	7	the `setcookie <https://secure.php.net/manual/en/function.setcookie.php>`__
8	function. Pay attention to the loading order of your extensions in this case.	8	function. Pay attention to the loading order of your extensions in this case.
9		9
10	auto_cookie_secure	10	auto_cookie_secure


diff --git a/doc/source/features.rst b/doc/source/features.rst index 540e982..f676468 100644 --- a/doc/source/features.rst +++ b/doc/source/features.rst
@@ -344,6 +344,21 @@ Snuffleupagus can prevent the execution of this kind of file. A good practice
344	would be to use a different user to run PHP than for administrating the website,	344	would be to use a different user to run PHP than for administrating the website,
345	and using this feature to lock this up.	345	and using this feature to lock this up.
346		346
		347
		348	.. _mandatory-cert-validation:
		349
		350	Mandatory certificates validation
		351	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
		352
		353	It's a common practise to disable `certificate validation <https://en.wikipedia.org/wiki/Transport_Layer_Security>`__
		354	during development for convenience's sake. Unfortunately, it's equally common
		355	to forget to turn it back on.
		356
		357	Snuffleupagus can prevent php code from turning off certificate validation
		358	for anything `cURL <https://secure.php.net/manual/en/book.curl.php>`__-based.
		359
		360
		361
347	.. _stream-wrapper-whitelist-feature:	362	.. _stream-wrapper-whitelist-feature:
348		363
349	Whitelist of stream-wrappers	364	Whitelist of stream-wrappers