utilize PHP ini settings when configuring clients. openssl.cafile Specifies the path on disk to a CA file in PEM format to use when sending requests over "https". See: https://wiki.php.net/rfc/tls-peer- client side certificate. If a password is required, then set to an array containing the path to the PEM file in the first array element followed by the password required for the certificate in the second containing the path to the SSL key in the first array element followed by the password required for the certificate in the second element. Types string array Default None Constant GuzzleHttp\RequestOptions::SSL_KEY

utilize PHP ini settings when configuring clients. openssl.cafile Specifies the path on disk to a CA file in PEM format to use when sending requests over "https". See: https://wiki.php.net/rfc/tls-peer- client side certificate. If a password is required, then set to an array containing the path to the PEM file in the first array element followed by the password required for the certificate in the second containing the path to the SSL key in the first array element followed by the password required for the certificate in the second element. Types string array Default None Constant GuzzleHttp\RequestOptions::SSL_KEY

utilize PHP ini settings when configuring clients. openssl.cafile Specifies the path on disk to a CA file in PEM format to use when sending requests over “https”. See: https://wiki.php.net/rfc/tls-pe client side certificate. If a password is required, then set to an array containing the path to the PEM file in the first array element followed by the password required for the certificate in the second containing the path to the SSL key in the first array element followed by the password required for the certificate in the second element. Types • string • array Default None Constant GuzzleHttp\RequestOptions::SSL_KEY

utilize PHP ini settings when configuring clients. openssl.cafile Specifies the path on disk to a CA file in PEM format to use when sending requests over “https”. See: https://wiki.php.net/rfc/tls-pe client side certificate. If a password is required, then set to an array containing the path to the PEM file in the first array element followed by the password required for the certificate in the second containing the path to the SSL key in the first array element followed by the password required for the certificate in the second element. Types • string 1.3. Request Options 27 Guzzle, Release • array Default

Applications that use TLS are not vulnerable to this attack (because the browser will display certificate mismatch warnings that block automated access to the target site). 6.1. User’s guide 35Tornado secure websocket connection (wss://) with a self-signed certificate, the connection from a browser may fail because it wants to show the “accept this certificate” dialog but has nowhere to show it. You must must first visit a regular HTML page using the same certificate to accept it before the websocket connection will succeed. If the application setting websocket_ping_interval has a non-zero value, a ping

utilize PHP ini settings when configuring clients. openssl.cafile Specifies the path on disk to a CA file in PEM format to use when sending requests over "https". See: https://wiki.php.net/rfc/tls-peer- client side certificate. If a password is required, then set to an array containing the path to the PEM file in the first array element followed by the password required for the certificate in the second containing the path to the SSL key in the first array element followed by the password required for the certificate in the second element. Types string array Default None Constant GuzzleHttp\RequestOptions::SSL_KEY

utilize PHP ini settings when configuring clients. openssl.cafile Specifies the path on disk to a CA file in PEM format to use when sending requests over “https”. See: https://wiki.php.net/rfc/tls-pe client side certificate. If a password is required, then set to an array containing the path to the PEM file in the first array element followed by the password required for the certificate in the second containing the path to the SSL key in the first array element followed by the password required for the certificate in the second element. Types • string • array Default None Constant GuzzleHttp\RequestOptions::SSL_KEY

cURL handler. verify Describes the SSL certificate verification behavior of a request. Set to true to enable SSL certificate verification and use the default CA bundle provided by operating system. Set disable certificate verification (this is insecure!). Set to a string to provide the path to a CA bundle to enable verification using a custom certificate. bool string true // Use the system's CA bundle bundle (this is the default setting) $client->get('/', ['verify' => true]); // Use a custom SSL certificate on disk. $client->get('/', ['verify' => '/path/to/cert.pem']); Summary: Types: Default: // Disable

handler. verify Summary Describes the SSL certificate verification behavior of a request. • Set to true to enable SSL certificate verification and use the default CA bundle provided by operating system. • Set to false to disable certificate verification (this is insecure!). • Set to a string to provide the path to a CA bundle to enable verification using a custom certificate. Types • bool • string Chapter 1. User guide Guzzle // Use the system's CA bundle (this is the default setting) $client->get('/', ['verify' => true]); // Use a custom SSL certificate on disk. $client->get('/', ['verify' => '/path/to/cert

Applications that use TLS are not vulnerable to this attack (because the browser will display certificate mismatch warnings that block automated access to the target site). Applications that cannot use secure websocket connection (wss://) with a self-signed certificate, the connection from a browser may fail because it wants to show the “accept this certificate” dialog but has nowhere to show it. You must must first visit a regular HTML page using the same certificate to accept it before the websocket connection will succeed. If the application setting websocket_ping_interval has a non-zero value, a ping