From 64e52596abaf4bdd4c17f79c4e8acf25d1a452b4 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Wed, 29 Aug 2018 08:55:49 +0000
Subject: Verify certs (#223)

Ensure that certificates are verified in curl should close #47
---
 config/default.rules | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'config/default.rules')

diff --git a/config/default.rules b/config/default.rules
index 2bd3c48..6e443ea 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -7,6 +7,9 @@ sp.disable_xxe.enable();
 # use SameSite on session cookie
 sp.cookie.name("PHPSESSID").samesite("lax");
 
+# Always verify certificates
+sp.curl_verify_certificates.enable();
+
 # Harden the `chmod` function
 sp.disable_function.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").drop();
 
@@ -91,3 +94,4 @@ sp.disable_function.function("is_callable").param("var").value("passthru").drop(
 #File upload
 sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop();
 sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ht").drop();
+
-- 
cgit v1.3
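Review bot: The comment `# Always verify certificates` on the new `sp.curl_verify_certificates.enable();` rule in the first hunk does not tell an operator what is enforced or what may break. Because this lands in the default ruleset, applications that deliberately turn curl verification off (for example against self-signed internal endpoints) will presumably behave differently once it is loaded. The comment should say so, e.g. `# Force TLS certificate verification in curl; code that turns it off is affected by this rule`. It would also help to state whether both the peer check and the host-name check are covered, since disabling either one defeats the protection. The page is limited to this path, so the directive's implementation and how the rule parser handles it are not visible here.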