Improve verify peer name API

kelunik · kelunik · commit 0169e9717b14 · 2026-02-12T22:12:20.000+01:00
Let's make the old methods switch both flags and do so consistently in ServerTlsContext and ClientTlsContext.
diff --git a/src/ClientTlsContext.php b/src/ClientTlsContext.php
@@ -113,6 +113,7 @@ public function withPeerVerification(): self
     {
         $clone = clone $this;
         $clone->verifyPeer = true;
+        $clone->verifyPeerName = true;
 
         return $clone;
     }
@@ -129,7 +130,6 @@ public function withoutPeerVerification(): self
     {
         $clone = clone $this;
         $clone->verifyPeer = false;
-        // This is for compatibility with the former behaviour:
         $clone->verifyPeerName = false;
 
         return $clone;
diff --git a/src/ServerTlsContext.php b/src/ServerTlsContext.php
@@ -58,7 +58,7 @@ public static function fromServerResource($socket): ?self
 
     private bool $verifyPeer = false;
 
-    private bool $verifyPeerName = true;
+    private bool $verifyPeerName = false;
 
     private int $verifyDepth = 10;
 
@@ -143,6 +143,7 @@ public function withPeerVerification(): self
     {
         $clone = clone $this;
         $clone->verifyPeer = true;
+        $clone->verifyPeerName = true;
 
         return $clone;
     }
@@ -156,6 +157,7 @@ public function withoutPeerVerification(): self
     {
         $clone = clone $this;
         $clone->verifyPeer = false;
+        $clone->verifyPeerName = false;
 
         return $clone;
     }
@@ -199,7 +201,7 @@ public function withoutPeerNameVerification(): self
      */
     public function hasPeerNameVerification(): bool
     {
-        return $this->verifyPeer && $this->verifyPeerName;
+        return $this->verifyPeerName;
     }
 
     /**
@@ -473,7 +475,7 @@ public function toStreamContextArray(): array
             'crypto_method' => $this->toStreamCryptoMethod(),
             'peer_name' => $this->peerName,
             'verify_peer' => $this->verifyPeer,
-            'verify_peer_name' => $this->verifyPeer && $this->verifyPeerName,
+            'verify_peer_name' => $this->verifyPeerName,
             'verify_depth' => $this->verifyDepth,
             'ciphers' => $this->ciphers ?? \OPENSSL_DEFAULT_STREAM_CIPHERS,
             'honor_cipher_order' => true,

Original file line number	Diff line number	Diff line change
`@@ -113,6 +113,7 @@ public function withPeerVerification(): self`
`113`	`113`	`{`
`114`	`114`	`$clone = clone $this;`
`115`	`115`	`$clone->verifyPeer = true;`
	`116`	`+ $clone->verifyPeerName = true;`
`116`	`117`
`117`	`118`	`return $clone;`
`118`	`119`	`}`
`@@ -129,7 +130,6 @@ public function withoutPeerVerification(): self`
`129`	`130`	`{`
`130`	`131`	`$clone = clone $this;`
`131`	`132`	`$clone->verifyPeer = false;`
`132`		`- // This is for compatibility with the former behaviour:`
`133`	`133`	`$clone->verifyPeerName = false;`
`134`	`134`
`135`	`135`	`return $clone;`
Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,7 @@ public static function fromServerResource($socket): ?self`
`58`	`58`
`59`	`59`	`private bool $verifyPeer = false;`
`60`	`60`
`61`		`- private bool $verifyPeerName = true;`
	`61`	`+ private bool $verifyPeerName = false;`
`62`	`62`
`63`	`63`	`private int $verifyDepth = 10;`
`64`	`64`
`@@ -143,6 +143,7 @@ public function withPeerVerification(): self`
`143`	`143`	`{`
`144`	`144`	`$clone = clone $this;`
`145`	`145`	`$clone->verifyPeer = true;`
	`146`	`+ $clone->verifyPeerName = true;`
`146`	`147`
`147`	`148`	`return $clone;`
`148`	`149`	`}`
`@@ -156,6 +157,7 @@ public function withoutPeerVerification(): self`
`156`	`157`	`{`
`157`	`158`	`$clone = clone $this;`
`158`	`159`	`$clone->verifyPeer = false;`
	`160`	`+ $clone->verifyPeerName = false;`
`159`	`161`
`160`	`162`	`return $clone;`
`161`	`163`	`}`
`@@ -199,7 +201,7 @@ public function withoutPeerNameVerification(): self`
`199`	`201`	`*/`
`200`	`202`	`public function hasPeerNameVerification(): bool`
`201`	`203`	`{`
`202`		`- return $this->verifyPeer && $this->verifyPeerName;`
	`204`	`+ return $this->verifyPeerName;`
`203`	`205`	`}`
`204`	`206`
`205`	`207`	`/**`
`@@ -473,7 +475,7 @@ public function toStreamContextArray(): array`
`473`	`475`	`'crypto_method' => $this->toStreamCryptoMethod(),`
`474`	`476`	`'peer_name' => $this->peerName,`
`475`	`477`	`'verify_peer' => $this->verifyPeer,`
`476`		`- 'verify_peer_name' => $this->verifyPeer && $this->verifyPeerName,`
	`478`	`+ 'verify_peer_name' => $this->verifyPeerName,`
`477`	`479`	`'verify_depth' => $this->verifyDepth,`
`478`	`480`	`'ciphers' => $this->ciphers ?? \OPENSSL_DEFAULT_STREAM_CIPHERS,`
`479`	`481`	`'honor_cipher_order' => true,`