From 9c232d120d0c1e964ee5e6b2b385dad5d863ab96 Mon Sep 17 00:00:00 2001
From: Mahmoud Ashraf <182176867+SNO7E-G@users.noreply.github.com>
Date: Thu, 16 Apr 2026 21:27:46 +0500
Subject: [PATCH] Harden Post fallback TLS verification

---
 src/ReCaptcha/RequestMethod/Post.php       | 4 ++++
 tests/ReCaptcha/RequestMethod/PostTest.php | 9 +++++++++
 2 files changed, 13 insertions(+)

diff --git a/src/ReCaptcha/RequestMethod/Post.php b/src/ReCaptcha/RequestMethod/Post.php
index 77ff691..6d2c04f 100644
--- a/src/ReCaptcha/RequestMethod/Post.php
+++ b/src/ReCaptcha/RequestMethod/Post.php
@@ -73,6 +73,10 @@ public function __construct(?string $siteVerifyUrl = null)
     public function submit(RequestParameters $params): string
     {
         $options = [
+            'ssl' => [
+                'verify_peer' => true,
+                'verify_peer_name' => true,
+            ],
             'http' => [
                 'header' => "Content-type: application/x-www-form-urlencoded\r\n",
                 'method' => 'POST',
diff --git a/tests/ReCaptcha/RequestMethod/PostTest.php b/tests/ReCaptcha/RequestMethod/PostTest.php
index e249a8a..fff18ee 100644
--- a/tests/ReCaptcha/RequestMethod/PostTest.php
+++ b/tests/ReCaptcha/RequestMethod/PostTest.php
@@ -117,10 +117,14 @@ public function httpContextOptionsCallback(array $args): void
         $context = $args[2];
         $options = stream_context_get_options($context);
         $this->assertArrayHasKey('http', $options);
+        $this->assertArrayHasKey('ssl', $options);
 
         /** @var array<string, mixed> $httpOptions */
         $httpOptions = $options['http'];
 
+        /** @var array<string, mixed> $sslOptions */
+        $sslOptions = $options['ssl'];
+
         $this->assertArrayHasKey('method', $httpOptions);
         $this->assertEquals('POST', $httpOptions['method']);
 
@@ -135,6 +139,11 @@ public function httpContextOptionsCallback(array $args): void
 
         $this->assertArrayHasKey('timeout', $httpOptions);
         $this->assertEquals(60, $httpOptions['timeout']);
+
+        $this->assertArrayHasKey('verify_peer', $sslOptions);
+        $this->assertTrue((bool) $sslOptions['verify_peer']);
+        $this->assertArrayHasKey('verify_peer_name', $sslOptions);
+        $this->assertTrue((bool) $sslOptions['verify_peer_name']);
     }
 
     /**