rspec/rules/S5527/php/how-to-fix-it/curl.adoc

== How to fix it in cURL

=== Code examples

include::../../common/fix/code-rationale.adoc[]

:cert_variable_name: CURLOPT_SSL_VERIFYHOST
:cert_variable_unsafe_value: 0 or false
:cert_variable_safe_value: 2 or true

include::../../common/fix/code-rationale-setting.adoc[]

==== Noncompliant code example

[source,php,diff-id=1,diff-type=noncompliant]
----
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://example.com/');
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);  // Noncompliant
curl_exec($curl);
curl_close($curl);
----

==== Compliant solution

[source,php,diff-id=1,diff-type=compliant]
----
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://example.com/');
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_exec($curl);
curl_close($curl);
----

=== How does this work?

include::../../common/fix/validation.adoc[]