mirror of
https://github.com/signalwire/freeswitch.git
synced 2025-02-23 09:54:14 +00:00
b2f59dd200
mod_curl currently does not verify the authenticity of the peer's certificate, and does not verify whether the common name on the certificate matches the server. This makes mod_curl initiated TLS connections completely insecure. We should fix this, but until we do, we'll warn people that it's not doing what they may think it is. ref: http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html ref: http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html