Skip to content

Add an option to disable CA certificate pinning#51

Merged
cisco-dmytro-hissa merged 2 commits into
masterfrom
disable-ca-pinning
Jul 9, 2026
Merged

Add an option to disable CA certificate pinning#51
cisco-dmytro-hissa merged 2 commits into
masterfrom
disable-ca-pinning

Conversation

@cisco-dmytro-hissa

Copy link
Copy Markdown
Contributor

Description

  1. Client::disableCaPinning() — Fluent method that sets disable_ca_pinning option. Mutually exclusive with custom CA certs (setRequesterOption("ca", ...)) — throws InvalidArgumentException if both are used.
  2. CurlRequester::options() — When disable_ca_pinning is true, skips setting CURLOPT_CAINFO entirely, relying on the system's default CA store. TLS verification (CURLOPT_SSL_VERIFYPEER + CURLOPT_SSL_VERIFYHOST)
    remains mandatory.
  3. FileRequester::options() — When disable_ca_pinning is true, skips setting cafile in the SSL stream context, using the system's default trust store.

How Has This Been Tested?

  • testDisableCaPinning — verifies fluent interface and option is set
  • testDisableCaPinningWithCustomCaThrows — mutual exclusion (CA set first)
  • testSetCustomCaWithDisabledPinningThrows — mutual exclusion (pinning disabled first)
  • testDisableCaPinningSetsOption — verifies the option is passed to the requester
  • CurlRequesterTest — 5 tests verifying the curl option logic (default CA, disabled pinning removes CAINFO, SSL verify stays on, custom CA, IGNORE mode)

Types of Changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

@cisco-dmytro-hissa cisco-dmytro-hissa marked this pull request as ready for review July 2, 2026 16:09
@cisco-dmytro-hissa cisco-dmytro-hissa merged commit d126bc6 into master Jul 9, 2026
5 checks passed
@cisco-dmytro-hissa cisco-dmytro-hissa deleted the disable-ca-pinning branch July 9, 2026 09:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants