12 files changed, 108 insertions, 0 deletions
diff --git a/src/config.m4 b/src/config.m4
index 52b6d04..dc88661 100644
--- a/src/config.m4
+++ b/src/config.m4
@@ -7,6 +7,7 @@ sources="$sources sp_disabled_functions.c sp_execute.c sp_upload_validation.c"
 sources="$sources sp_cookie_encryption.c sp_network_utils.c tweetnacl.c"
 sources="$sources sp_config_keywords.c sp_var_parser.c sp_var_value.c sp_tree.c"
 sources="$sources sp_pcre_compat.c sp_crypt.c sp_session.c sp_sloppy.c sp_wrapper.c"
+sources="$sources sp_curl_verify_certificates.c"
 PHP_ARG_ENABLE(snuffleupagus, whether to enable snuffleupagus support,
 [  --enable-snuffleupagus           Enable snuffleupagus support])
diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h
index 41d9b77..9dc045c 100644
--- a/src/php_snuffleupagus.h
+++ b/src/php_snuffleupagus.h
@@ -32,6 +32,7 @@
 #include "sp_config.h"
 #include "sp_config_utils.h"
 #include "sp_config_keywords.h"
+#include "sp_curl_verify_certificates.h"
 #include "sp_cookie_encryption.h"
 #include "sp_disable_xxe.h"
 #include "sp_disabled_functions.h"
diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c
index 1a92f11..9f92397 100644
--- a/src/snuffleupagus.c
+++ b/src/snuffleupagus.c
@@ -96,6 +96,7 @@ PHP_GINIT_FUNCTION(snuffleupagus) {
  SP_INIT(snuffleupagus_globals->config.config_session);
  SP_INIT(snuffleupagus_globals->config.config_eval);
  SP_INIT(snuffleupagus_globals->config.config_wrapper);
+  SP_INIT(snuffleupagus_globals->config.config_curl_verify_certificates);
  snuffleupagus_globals->config.config_disabled_functions_reg
      ->disabled_functions = NULL;
@@ -143,6 +144,7 @@ PHP_MSHUTDOWN_FUNCTION(snuffleupagus) {
  pefree(SNUFFLEUPAGUS_G(config.config_random), 1);
  pefree(SNUFFLEUPAGUS_G(config.config_readonly_exec), 1);
  pefree(SNUFFLEUPAGUS_G(config.config_global_strict), 1);
+  pefree(SNUFFLEUPAGUS_G(config.config_curl_verify_certificates), 1);
  pefree(SNUFFLEUPAGUS_G(config.config_auto_cookie_secure), 1);
  pefree(SNUFFLEUPAGUS_G(config.config_snuffleupagus), 1);
  pefree(SNUFFLEUPAGUS_G(config.config_disable_xxe), 1);
@@ -272,6 +274,10 @@ static PHP_INI_MH(OnUpdateConfiguration) {
    hook_session();
  }
+  if (SNUFFLEUPAGUS_G(config).config_curl_verify_certificates->enable) {
+    hook_curl_verify_certificates();
+  }
  if (true == SNUFFLEUPAGUS_G(config).config_global_strict->enable) {
    if (!zend_get_extension(PHP_SNUFFLEUPAGUS_EXTNAME)) {
      zend_extension_entry.startup = NULL;
diff --git a/src/sp_config.c b/src/sp_config.c
index 2480362..bc703a6 100644
--- a/src/sp_config.c
+++ b/src/sp_config.c
@@ -24,6 +24,7 @@ sp_config_tokens const sp_func[] = {
    {.func = parse_session, .token = SP_TOKEN_SESSION_ENCRYPTION},
    {.func = parse_sloppy_comparison, .token = SP_TOKEN_SLOPPY_COMPARISON},
    {.func = parse_wrapper_whitelist, .token = SP_TOKEN_ALLOW_WRAPPERS},
+    {.func = parse_curl_verify_certificates, .token = SP_TOKEN_CURL_VERIFY_CERTIFICATES},
    {NULL, NULL}};
 /* Top level keyword parsing */
diff --git a/src/sp_config.h b/src/sp_config.h
index 9d58359..4d85cf2 100644
--- a/src/sp_config.h
+++ b/src/sp_config.h
@@ -55,6 +55,10 @@ typedef struct {
 typedef struct {
  bool enable;
+} sp_config_curl_verify_certificates;
+typedef struct {
+  bool enable;
 } sp_config_random;
 typedef struct {
@@ -162,6 +166,7 @@ typedef struct {
 typedef struct {
  sp_config_random *config_random;
+        sp_config_curl_verify_certificates *config_curl_verify_certificates;
  sp_config_sloppy *config_sloppy;
  sp_config_unserialize *config_unserialize;
  sp_config_readonly_exec *config_readonly_exec;
@@ -264,6 +269,9 @@ typedef struct {
 // upload_validator
 #define SP_TOKEN_UPLOAD_SCRIPT ".script("
+// cURL certificate verify
+# define SP_TOKEN_CURL_VERIFY_CERTIFICATES ".curl_verify_certificates"
 #define SP_TOKEN_LIST ".list("
 int sp_parse_config(const char *);
diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c
index 93077c6..ee4d130 100644
--- a/src/sp_config_keywords.c
+++ b/src/sp_config_keywords.c
@@ -94,6 +94,11 @@ int parse_global_strict(char *line) {
      line, &(SNUFFLEUPAGUS_G(config).config_global_strict->enable), NULL);
 }
+int parse_curl_verify_certificates(char *line) {
+  return parse_enable(
+      line, &(SNUFFLEUPAGUS_G(config).config_curl_verify_certificates->enable), NULL);
+}
 int parse_unserialize(char *line) {
  bool enable = false, disable = false;
  sp_config_unserialize *unserialize =
diff --git a/src/sp_config_keywords.h b/src/sp_config_keywords.h
index ab58456..f7a4ca4 100644
--- a/src/sp_config_keywords.h
+++ b/src/sp_config_keywords.h
@@ -17,5 +17,6 @@ int parse_eval_whitelist(char *line);
 int parse_session(char *line);
 int parse_sloppy_comparison(char *line);
 int parse_wrapper_whitelist(char *line);
+int parse_curl_verify_certificates(char *line);
 #endif  // __SP_CONFIG_KEYWORDS_H
diff --git a/src/sp_curl_verify_certificates.c b/src/sp_curl_verify_certificates.c
new file mode 100644
index 0000000..057ee29
--- /dev/null
+++ b/src/sp_curl_verify_certificates.c
@@ -0,0 +1,33 @@
+#include "php_snuffleupagus.h"
+#include "sp_config.h"
+ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+PHP_FUNCTION(sp_curl_setopt) {
+        void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS);
+        zend_string *protocol_name = NULL;
+        zval *zid, *zvalue;
+        zend_long options;
+        ZEND_PARSE_PARAMETERS_START(3, 3)
+                Z_PARAM_RESOURCE(zid)
+                Z_PARAM_LONG(options)
+                Z_PARAM_ZVAL(zvalue)
+        ZEND_PARSE_PARAMETERS_END();
+        if (options & CURLOPT_SSL_VERIFYPEER && zval_get_long(zvalue) != 1) {
+                        sp_log_err("verify_vertificates", "Please don't deactivate server certificate validation");
+        } else if (options & CURLOPT_SSL_VERIFYHOST && zval_get_long(zvalue) != 2) {
+                        sp_log_err("verify_vertificates", "Please don't deactivate client certificate validation");
+        }
+        orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
+}
+int hook_curl_verify_certificates() {
+        TSRMLS_FETCH();
+  HOOK_FUNCTION("curl_setopt", sp_internal_functions_hook, PHP_FN(sp_curl_setopt));
+        return SUCCESS;
+}
diff --git a/src/sp_curl_verify_certificates.h b/src/sp_curl_verify_certificates.h
new file mode 100644
index 0000000..f4f680e
--- /dev/null
+++ b/src/sp_curl_verify_certificates.h
@@ -0,0 +1,15 @@
+#ifndef SP_CURL_VERIFY_CERTIFICATES_H
+#define SP_CURL_VERIFY_CERTIFICATES_H
+#include "php_snuffleupagus.h"
+#ifndef CURLOPT_SSL_VERIFYPEER
+#define CURLOPT_SSL_VERIFYPEER 64
+#endif
+#ifndef CURLOPT_SSL_VERIFYHOST
+#define CURLOPT_SSL_VERIFYHOST 81
+#endif
+int hook_curl_verify_certificates();
+#endif
diff --git a/src/tests/config/disabled_function_curl_verify_certs.ini b/src/tests/config/disabled_function_curl_verify_certs.ini
new file mode 100644
index 0000000..64d54a7
--- /dev/null
+++ b/src/tests/config/disabled_function_curl_verify_certs.ini
@@ -0,0 +1 @@
+sp.curl_verify_certificates.enable();
diff --git a/src/tests/ensure_client_valid_certs.phpt b/src/tests/ensure_client_valid_certs.phpt
new file mode 100644
index 0000000..64c523c
--- /dev/null
+++ b/src/tests/ensure_client_valid_certs.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Disable functions - Ensure that client certificates validation can't be disabled
+--SKIPIF--
+<?php
+if (!extension_loaded("snuffleupagus")) die "skip"; 
+if (!extension_loaded("curl")) die "skip"; 
+?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_function_curl_verify_certs.ini
+--FILE--
+<?php
+$ch = curl_init();
+curl_setopt($ch, CURLOPT_VERBOSE, '1'); 
+curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, '0'); 
+echo "1337";
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][verify_vertificates] Please don't deactivate client certificate validation in %s/tests/ensure_client_valid_certs.php on line %d
diff --git a/src/tests/ensure_server_valid_certs.phpt b/src/tests/ensure_server_valid_certs.phpt
new file mode 100644
index 0000000..7eaf1a4
--- /dev/null
+++ b/src/tests/ensure_server_valid_certs.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Disable functions - Ensure that server certificates validation can't be disabled
+--SKIPIF--
+<?php
+if (!extension_loaded("snuffleupagus")) die "skip"; 
+if (!extension_loaded("curl")) die "skip"; 
+?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_function_curl_verify_certs.ini
+--FILE--
+<?php
+$ch = curl_init();
+curl_setopt($ch, CURLOPT_VERBOSE, '1'); 
+curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, '0'); 
+echo "1337";
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][verify_vertificates] Please don't deactivate client certificate validation in %s/tests/ensure_server_valid_certs.php on line 3

diff --git a/src/config.m4 b/src/config.m4 index 52b6d04..dc88661 100644 --- a/src/config.m4 +++ b/src/config.m4
@@ -7,6 +7,7 @@ sources="$sources sp_disabled_functions.c sp_execute.c sp_upload_validation.c"
7	sources="$sources sp_cookie_encryption.c sp_network_utils.c tweetnacl.c"	7	sources="$sources sp_cookie_encryption.c sp_network_utils.c tweetnacl.c"
8	sources="$sources sp_config_keywords.c sp_var_parser.c sp_var_value.c sp_tree.c"	8	sources="$sources sp_config_keywords.c sp_var_parser.c sp_var_value.c sp_tree.c"
9	sources="$sources sp_pcre_compat.c sp_crypt.c sp_session.c sp_sloppy.c sp_wrapper.c"	9	sources="$sources sp_pcre_compat.c sp_crypt.c sp_session.c sp_sloppy.c sp_wrapper.c"
		10	sources="$sources sp_curl_verify_certificates.c"
10		11
11	PHP_ARG_ENABLE(snuffleupagus, whether to enable snuffleupagus support,	12	PHP_ARG_ENABLE(snuffleupagus, whether to enable snuffleupagus support,
12	[ --enable-snuffleupagus Enable snuffleupagus support])	13	[ --enable-snuffleupagus Enable snuffleupagus support])


diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 41d9b77..9dc045c 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h
@@ -32,6 +32,7 @@
32	#include "sp_config.h"	32	#include "sp_config.h"
33	#include "sp_config_utils.h"	33	#include "sp_config_utils.h"
34	#include "sp_config_keywords.h"	34	#include "sp_config_keywords.h"
		35	#include "sp_curl_verify_certificates.h"
35	#include "sp_cookie_encryption.h"	36	#include "sp_cookie_encryption.h"
36	#include "sp_disable_xxe.h"	37	#include "sp_disable_xxe.h"
37	#include "sp_disabled_functions.h"	38	#include "sp_disabled_functions.h"


diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index 1a92f11..9f92397 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c
@@ -96,6 +96,7 @@ PHP_GINIT_FUNCTION(snuffleupagus) {
96	SP_INIT(snuffleupagus_globals->config.config_session);	96	SP_INIT(snuffleupagus_globals->config.config_session);
97	SP_INIT(snuffleupagus_globals->config.config_eval);	97	SP_INIT(snuffleupagus_globals->config.config_eval);
98	SP_INIT(snuffleupagus_globals->config.config_wrapper);	98	SP_INIT(snuffleupagus_globals->config.config_wrapper);
		99	SP_INIT(snuffleupagus_globals->config.config_curl_verify_certificates);
99		100
100	snuffleupagus_globals->config.config_disabled_functions_reg	101	snuffleupagus_globals->config.config_disabled_functions_reg
101	->disabled_functions = NULL;	102	->disabled_functions = NULL;
@@ -143,6 +144,7 @@ PHP_MSHUTDOWN_FUNCTION(snuffleupagus) {
143	pefree(SNUFFLEUPAGUS_G(config.config_random), 1);	144	pefree(SNUFFLEUPAGUS_G(config.config_random), 1);
144	pefree(SNUFFLEUPAGUS_G(config.config_readonly_exec), 1);	145	pefree(SNUFFLEUPAGUS_G(config.config_readonly_exec), 1);
145	pefree(SNUFFLEUPAGUS_G(config.config_global_strict), 1);	146	pefree(SNUFFLEUPAGUS_G(config.config_global_strict), 1);
		147	pefree(SNUFFLEUPAGUS_G(config.config_curl_verify_certificates), 1);
146	pefree(SNUFFLEUPAGUS_G(config.config_auto_cookie_secure), 1);	148	pefree(SNUFFLEUPAGUS_G(config.config_auto_cookie_secure), 1);
147	pefree(SNUFFLEUPAGUS_G(config.config_snuffleupagus), 1);	149	pefree(SNUFFLEUPAGUS_G(config.config_snuffleupagus), 1);
148	pefree(SNUFFLEUPAGUS_G(config.config_disable_xxe), 1);	150	pefree(SNUFFLEUPAGUS_G(config.config_disable_xxe), 1);
@@ -272,6 +274,10 @@ static PHP_INI_MH(OnUpdateConfiguration) {
272	hook_session();	274	hook_session();
273	}	275	}
274		276
		277	if (SNUFFLEUPAGUS_G(config).config_curl_verify_certificates->enable) {
		278	hook_curl_verify_certificates();
		279	}
		280
275	if (true == SNUFFLEUPAGUS_G(config).config_global_strict->enable) {	281	if (true == SNUFFLEUPAGUS_G(config).config_global_strict->enable) {
276	if (!zend_get_extension(PHP_SNUFFLEUPAGUS_EXTNAME)) {	282	if (!zend_get_extension(PHP_SNUFFLEUPAGUS_EXTNAME)) {
277	zend_extension_entry.startup = NULL;	283	zend_extension_entry.startup = NULL;


diff --git a/src/sp_config.c b/src/sp_config.c index 2480362..bc703a6 100644 --- a/src/sp_config.c +++ b/src/sp_config.c
@@ -24,6 +24,7 @@ sp_config_tokens const sp_func[] = {
24	{.func = parse_session, .token = SP_TOKEN_SESSION_ENCRYPTION},	24	{.func = parse_session, .token = SP_TOKEN_SESSION_ENCRYPTION},
25	{.func = parse_sloppy_comparison, .token = SP_TOKEN_SLOPPY_COMPARISON},	25	{.func = parse_sloppy_comparison, .token = SP_TOKEN_SLOPPY_COMPARISON},
26	{.func = parse_wrapper_whitelist, .token = SP_TOKEN_ALLOW_WRAPPERS},	26	{.func = parse_wrapper_whitelist, .token = SP_TOKEN_ALLOW_WRAPPERS},
		27	{.func = parse_curl_verify_certificates, .token = SP_TOKEN_CURL_VERIFY_CERTIFICATES},
27	{NULL, NULL}};	28	{NULL, NULL}};
28		29
29	/* Top level keyword parsing */	30	/* Top level keyword parsing */


diff --git a/src/sp_config.h b/src/sp_config.h index 9d58359..4d85cf2 100644 --- a/src/sp_config.h +++ b/src/sp_config.h
@@ -55,6 +55,10 @@ typedef struct {
55		55
56	typedef struct {	56	typedef struct {
57	bool enable;	57	bool enable;
		58	} sp_config_curl_verify_certificates;
		59
		60	typedef struct {
		61	bool enable;
58	} sp_config_random;	62	} sp_config_random;
59		63
60	typedef struct {	64	typedef struct {
@@ -162,6 +166,7 @@ typedef struct {
162		166
163	typedef struct {	167	typedef struct {
164	sp_config_random *config_random;	168	sp_config_random *config_random;
		169	sp_config_curl_verify_certificates *config_curl_verify_certificates;
165	sp_config_sloppy *config_sloppy;	170	sp_config_sloppy *config_sloppy;
166	sp_config_unserialize *config_unserialize;	171	sp_config_unserialize *config_unserialize;
167	sp_config_readonly_exec *config_readonly_exec;	172	sp_config_readonly_exec *config_readonly_exec;
@@ -264,6 +269,9 @@ typedef struct {
264	// upload_validator	269	// upload_validator
265	#define SP_TOKEN_UPLOAD_SCRIPT ".script("	270	#define SP_TOKEN_UPLOAD_SCRIPT ".script("
266		271
		272	// cURL certificate verify
		273	# define SP_TOKEN_CURL_VERIFY_CERTIFICATES ".curl_verify_certificates"
		274
267	#define SP_TOKEN_LIST ".list("	275	#define SP_TOKEN_LIST ".list("
268		276
269	int sp_parse_config(const char *);	277	int sp_parse_config(const char *);


diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index 93077c6..ee4d130 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c
@@ -94,6 +94,11 @@ int parse_global_strict(char *line) {
94	line, &(SNUFFLEUPAGUS_G(config).config_global_strict->enable), NULL);	94	line, &(SNUFFLEUPAGUS_G(config).config_global_strict->enable), NULL);
95	}	95	}
96		96
		97	int parse_curl_verify_certificates(char *line) {
		98	return parse_enable(
		99	line, &(SNUFFLEUPAGUS_G(config).config_curl_verify_certificates->enable), NULL);
		100	}
		101
97	int parse_unserialize(char *line) {	102	int parse_unserialize(char *line) {
98	bool enable = false, disable = false;	103	bool enable = false, disable = false;
99	sp_config_unserialize *unserialize =	104	sp_config_unserialize *unserialize =


diff --git a/src/sp_config_keywords.h b/src/sp_config_keywords.h index ab58456..f7a4ca4 100644 --- a/src/sp_config_keywords.h +++ b/src/sp_config_keywords.h
@@ -17,5 +17,6 @@ int parse_eval_whitelist(char *line);
17	int parse_session(char *line);	17	int parse_session(char *line);
18	int parse_sloppy_comparison(char *line);	18	int parse_sloppy_comparison(char *line);
19	int parse_wrapper_whitelist(char *line);	19	int parse_wrapper_whitelist(char *line);
		20	int parse_curl_verify_certificates(char *line);
20		21
21	#endif // __SP_CONFIG_KEYWORDS_H	22	#endif // __SP_CONFIG_KEYWORDS_H


diff --git a/src/sp_curl_verify_certificates.c b/src/sp_curl_verify_certificates.c new file mode 100644 index 0000000..057ee29 --- /dev/null +++ b/src/sp_curl_verify_certificates.c
@@ -0,0 +1,33 @@
		1	#include "php_snuffleupagus.h"
		2	#include "sp_config.h"
		3
		4	ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
		5
		6	PHP_FUNCTION(sp_curl_setopt) {
		7	void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS);
		8	zend_string *protocol_name = NULL;
		9	zval zid, zvalue;
		10	zend_long options;
		11
		12	ZEND_PARSE_PARAMETERS_START(3, 3)
		13	Z_PARAM_RESOURCE(zid)
		14	Z_PARAM_LONG(options)
		15	Z_PARAM_ZVAL(zvalue)
		16	ZEND_PARSE_PARAMETERS_END();
		17
		18	if (options & CURLOPT_SSL_VERIFYPEER && zval_get_long(zvalue) != 1) {
		19	sp_log_err("verify_vertificates", "Please don't deactivate server certificate validation");
		20	} else if (options & CURLOPT_SSL_VERIFYHOST && zval_get_long(zvalue) != 2) {
		21	sp_log_err("verify_vertificates", "Please don't deactivate client certificate validation");
		22	}
		23
		24	orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
		25	}
		26
		27	int hook_curl_verify_certificates() {
		28	TSRMLS_FETCH();
		29
		30	HOOK_FUNCTION("curl_setopt", sp_internal_functions_hook, PHP_FN(sp_curl_setopt));
		31
		32	return SUCCESS;
		33	}


diff --git a/src/sp_curl_verify_certificates.h b/src/sp_curl_verify_certificates.h new file mode 100644 index 0000000..f4f680e --- /dev/null +++ b/src/sp_curl_verify_certificates.h
@@ -0,0 +1,15 @@
		1	#ifndef SP_CURL_VERIFY_CERTIFICATES_H
		2	#define SP_CURL_VERIFY_CERTIFICATES_H
		3	#include "php_snuffleupagus.h"
		4
		5	#ifndef CURLOPT_SSL_VERIFYPEER
		6	#define CURLOPT_SSL_VERIFYPEER 64
		7	#endif
		8
		9	#ifndef CURLOPT_SSL_VERIFYHOST
		10	#define CURLOPT_SSL_VERIFYHOST 81
		11	#endif
		12
		13	int hook_curl_verify_certificates();
		14
		15	#endif


diff --git a/src/tests/config/disabled_function_curl_verify_certs.ini b/src/tests/config/disabled_function_curl_verify_certs.ini new file mode 100644 index 0000000..64d54a7 --- /dev/null +++ b/src/tests/config/disabled_function_curl_verify_certs.ini
@@ -0,0 +1 @@
			sp.curl_verify_certificates.enable();


diff --git a/src/tests/ensure_client_valid_certs.phpt b/src/tests/ensure_client_valid_certs.phpt new file mode 100644 index 0000000..64c523c --- /dev/null +++ b/src/tests/ensure_client_valid_certs.phpt
@@ -0,0 +1,18 @@
		1	--TEST--
		2	Disable functions - Ensure that client certificates validation can't be disabled
		3	--SKIPIF--
		4	<?php
		5	if (!extension_loaded("snuffleupagus")) die "skip";
		6	if (!extension_loaded("curl")) die "skip";
		7	?>
		8	--INI--
		9	sp.configuration_file={PWD}/config/disabled_function_curl_verify_certs.ini
		10	--FILE--
		11	<?php
		12	$ch = curl_init();
		13	curl_setopt($ch, CURLOPT_VERBOSE, '1');
		14	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, '0');
		15	echo "1337";
		16	?>
		17	--EXPECTF--
		18	Fatal error: [snuffleupagus][verify_vertificates] Please don't deactivate client certificate validation in %s/tests/ensure_client_valid_certs.php on line %d


diff --git a/src/tests/ensure_server_valid_certs.phpt b/src/tests/ensure_server_valid_certs.phpt new file mode 100644 index 0000000..7eaf1a4 --- /dev/null +++ b/src/tests/ensure_server_valid_certs.phpt
@@ -0,0 +1,18 @@
		1	--TEST--
		2	Disable functions - Ensure that server certificates validation can't be disabled
		3	--SKIPIF--
		4	<?php
		5	if (!extension_loaded("snuffleupagus")) die "skip";
		6	if (!extension_loaded("curl")) die "skip";
		7	?>
		8	--INI--
		9	sp.configuration_file={PWD}/config/disabled_function_curl_verify_certs.ini
		10	--FILE--
		11	<?php
		12	$ch = curl_init();
		13	curl_setopt($ch, CURLOPT_VERBOSE, '1');
		14	curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, '0');
		15	echo "1337";
		16	?>
		17	--EXPECTF--
		18	Fatal error: [snuffleupagus][verify_vertificates] Please don't deactivate client certificate validation in %s/tests/ensure_server_valid_certs.php on line 3