Missing SSL certificate verification detected.
- Rule ID: php_lang_ssl_verification
- Languages: php
- Source: ssl_verification.yml
Description
Applications processing sensitive data should use valid SSL certificates. This rule checks whether SSL certificate verification is enabled.
Remediations
❌ Do not disable SSL certificate validation in your HTTP client
✅ Ensure verification of both peers and hostnames is enabled in your HTTP client:
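// Validate the server's certificate chain against trusted CAs
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
// Require the certificate name to match the host; 2 is the enabling value (libcurl no longer accepts 1, which is what true casts to)
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);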
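A fuller version of the remediation, as an added example (not Bearer's own code): a hypothetical `fetch_verified()` helper that keeps both checks on, accepts a CA bundle for privately signed servers instead of switching verification off, and fails closed on a TLS error. The helper name, the `$caBundle` parameter and the `example.com` URL are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (added example): HTTPS GET with certificate checks on.
 * $caBundle is an optional path to a PEM file holding a private CA.
 */
function fetch_verified(string $url, ?string $caBundle = null): string
{
    $curl = curl_init($url);
    if ($curl === false) {
        throw new RuntimeException('curl_init failed');
    }

    // Weak settings the remediation warns against (do not use):
    //   curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    //   curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);

    curl_setopt_array($curl, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,            // validate the chain against trusted CAs
        CURLOPT_SSL_VERIFYHOST => 2,               // certificate name must match the host
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // refuse non-HTTPS URLs
        CURLOPT_CONNECTTIMEOUT => 10,
    ]);

    if ($caBundle !== null) {
        // Trust a private CA explicitly rather than disabling verification
        curl_setopt($curl, CURLOPT_CAINFO, $caBundle);
    }

    $body = curl_exec($curl);
    if ($body === false) {
        // Fail closed: report the error, never retry with checks disabled
        $message = sprintf('request failed (%d): %s', curl_errno($curl), curl_error($curl));
        throw new RuntimeException($message);
    }

    return $body;
}

// Constructed usage: example.com is a placeholder host
try {
    echo strlen(fetch_verified('https://example.com/')), " bytes\n";
} catch (RuntimeException $e) {
    error_log($e->getMessage());
}
```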
Associated CWE
OWASP Top 10
Configuration
To skip this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --skip-rule=php_lang_ssl_verification
To run only this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --only-rule=php_lang_ssl_verification