Hacker News new | past | comments | ask | show | jobs | submit login

Good catch. Yep generally not something you want to do in production and it shouldn't be forced by a library. Aside from some edge scenario where the server will be connecting to arbitrary endpoints taking the time to set CURLOPT_{CAINFO,CAPATH} will allow VERIFYPEER to work properly.

While reviewing this section of the code they should also probably do manual support for FOLLOWLOCATION or check open_basedir, which is usually set--or should be.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact