Why does the API Client, Blesta module and presumably WHMCS module contain this cURL configuration for API calls?
PHP Code
// Turn off the server and peer verification (TrustManager Concept).
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
This is surely very insecure for something so important?
I have Googled it but only found references to some PayPal sample code...