add: skip hostname checks if CURLRequest options 'verify' is set to false.

When CURLRequest options 'verify' is set to false, some CURLOPT_SSL_... options should be disabled in such a way as to allow requests to pass through in case the destination is for example on private networks.

Avoids SSL errors: SSL: certificate subject name 'CA' does not match target host name 'localhost'

Author: NicolaeIotu

system/HTTP/CURLRequest.php

@@ -559,6 +559,12 @@ protected function setCURLOptions(array $curlOptions = [], array $config = [])
                 $curlOptions[CURLOPT_SSL_VERIFYPEER] = 1;
             } elseif (is_bool($config['verify'])) {
                 $curlOptions[CURLOPT_SSL_VERIFYPEER] = $config['verify'];
+
+                if ($config['verify'] === false) {
+                    $curlOptions[CURLOPT_SSL_VERIFYHOST] = 0;
+                } else {
+                    $curlOptions[CURLOPT_SSL_VERIFYHOST] = 2;
+                }
             }
         }
 

tests/system/HTTP/CURLRequestTest.php

@@ -529,6 +529,9 @@ public function testSSLVerification(): void
 
         $this->assertArrayHasKey(CURLOPT_SSL_VERIFYPEER, $options);
         $this->assertSame(1, $options[CURLOPT_SSL_VERIFYPEER]);
+
+        $this->assertArrayHasKey(CURLOPT_SSL_VERIFYHOST, $options);
+        $this->assertSame(2, $options[CURLOPT_SSL_VERIFYHOST]);
     }
 
     public function testSSLWithBadKey(): void