Make sure the curl library is always verifying that the host is the host you want to talk to.
The discovery of this issue was made during the set up of
, where we've added an extra ini_set to make sure that the ssl certificates can be adjusted if they're on a different location that the defaulting place (the discovery was basically that host and peer verification was not enabled in the defaults of the class). LIB-37
From PHP 5.6 there is an implementation of openssl_get_cert_locations(), from where we can fetch a certficates current default location. This should normally be enough, but during historical tests we've discovered that for example Slackware 13 and older distributions did not have certificates stored in /etc/ssl/certs.
From now on, allowUnverifiedSSL must be set, to disable the peer/host verification if the https calls are failing as it is insecure to allow unverified peers.