Add note about updating cacert.pem

tags/2.0.41
Alexander Makarov 4 years ago
parent
commit
6b1750d35f
No known key found for this signature in database
GPG Key ID: 3617B79C6A325E4A
  1. 4
      docs/guide/security-best-practices.md

@ -368,7 +368,7 @@ or
stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
```
Many sources wrongly suggest disabling SSL peer verification. That should not be ever done since it enabled
Many sources wrongly suggest disabling SSL peer verification. That should not be ever done since it enables
man-in-the middle type of attacks. Instead, PHP should be configured properly:
1. Download [https://curl.haxx.se/ca/cacert.pem](https://curl.haxx.se/ca/cacert.pem).
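Review bot: The corrected sentence still reads awkwardly at "That should not be ever done" and "man-in-the middle type of attacks"; since the line is being touched anyway, consider "That should never be done since it enables man-in-the-middle attacks." A short clause saying what peer verification does (the client checking the server certificate against a trusted CA bundle) would also make it clearer why the commonly suggested workaround is unsafe.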
@ -377,3 +377,5 @@ man-in-the middle type of attacks. Instead, PHP should be configured properly:
openssl.cafile="/path/to/cacert.pem"
curl.cainfo="/path/to/cacert.pem".
```
Note that the `cacert.pem` file should be kept up to date.
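Review bot: The added line "Note that the `cacert.pem` file should be kept up to date." does not say how or why. Suggest stating that the file from step 1 should be re-downloaded periodically (for example as part of deployment), since a stale bundle can bring back the same "certificate verify failed" errors or keep trusting CAs that have since been removed. Separately, the context line `curl.cainfo="/path/to/cacert.pem".` ends with a period inside the code fence, which readers will copy into their PHP configuration; it is worth dropping in the same change.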
