php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-08-26 06:15:19 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add note about updating cacert.pem

Browse Source
This commit is contained in:
Alexander Makarov
2021-03-03 15:48:49 +03:00
parent 3883d73cea
commit 6b1750d35f
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/guide/security-best-practices.md
View File

@ -368,7 +368,7 @@ or
stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
```
Many sources wrongly suggest disabling SSL peer verification. That should not be ever done since it enabled
Many sources wrongly suggest disabling SSL peer verification. That should not be ever done since it enables
man-in-the middle type of attacks. Instead, PHP should be configured properly:
1. Download [https://curl.haxx.se/ca/cacert.pem](https://curl.haxx.se/ca/cacert.pem).
@ -377,3 +377,5 @@ man-in-the middle type of attacks. Instead, PHP should be configured properly:
openssl.cafile="/path/to/cacert.pem"
curl.cainfo="/path/to/cacert.pem".
```
Note that the `cacert.pem` file should be kept up to date.