[geeklog-devel] Oauth Login and open_basedir
Yuji Tsuchida
tani.os2 at gmail.com
Thu Nov 21 07:25:50 EST 2013
I have one question.
Why you set 'ssl_verify_peer' => false and 'ssl_verify_host' => false?
I think it is not safety(ex. DNS spoofing), and you might want to
'ssl_verify_peer' => true and 'ssl_cafile' => '/somewhere/ca-bundle.crt'
(or 'ssl_capath' => '/etc/ssl/certs/')
You can get ca-bundle.crt from http://curl.haxx.se/ca/.
#wget http://curl.haxx.se/ca/cacert.pem -O ca-bundle.crt
And Wordpress(>ver3.7) with ca-bundle.crt in it.
Geeklog is secure?
2013/11/19 Tom <websitemaster at cogeco.net>:
> Yeah as soon as I wrote that I realized my mistake. No I don't use a proxy.
> I am going to have to step through the code again and figure out the issue.
> I am not sure what happen as it was working fine a couple of weeks ago.
>
> Tom
>
> -----Original Message-----
> From: geeklog-devel-bounces at lists.geeklog.net
> [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Kenji ITO
> Sent: November-19-13 6:46 AM
> To: Geeklog Development
> Subject: Re: [geeklog-devel] Oauth Login and open_basedir
>
> Tom wrote:
>
>> I may have spoken to soon. Google Oauth login is not working at the
>> moment.
>> HTTP_Request2_Adapter_Socket should be able to handle https requests
>> right?
>
> It should be, since Facebook Oauth login, which also requires https, works
> well.
>
> Do you happen to use proxies without setting proxy configurations?[1]
>
> [1] http://pear.php.net/manual/en/package.http.http-request2.config.php
> --
> mystral-kk (Kenji ITO)
>
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel
More information about the geeklog-devel
mailing list