src - https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html
valid PHP
1
2
curl_setopt($curlHandle, CURLOPT_SSL_VERIFYPEER, 1); //https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
curl_setopt($curlHandle, CURLOPT_SSL_VERIFYHOST, 2); //https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html
JSSE (Java Secure Socket Extension) - SSLSocketFactory silently skips hostname verification if the algorithm field in the SSL client is NULL or an empty string rather than HTTPS. (ref / fix)
origin - https://www.pipiscrew.com/?p=15268 the-most-dangerous-code-in-the-world-validating-ssl-certificates-2012