option to turn off CURLOPT_SSL_VERIFYPEER from GUI for Moodle SSO with self-signed certs
Bug #547344 reported by
Matt Oquist
This bug report is a duplicate of:
Bug #888436: MNet contains superfluous SSL cert checks.
Edit
Remove
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Mahara |
Confirmed
|
Wishlist
|
Unassigned | ||
Bug Description
Hi,
I have a Moodle+Mahara pair running on a box with a cert that looks invalid to curl. SSO works fine if I add CURLOPT_
I'm not sure how this suggestion will be received, so I haven't bothered trying to write it and submit patches. I'd be happy to give that a go sometime if you're interested.
Cheers,
Matt
Revision history for this message
| Nigel-catalyst (nigel-catalyst) wrote | #1 |
Revision history for this message
| Matt Oquist (moquist) wrote | #2 |
| description: | updated |
| tags: |
added: mnet removed: mahara-eduforge-feature-request |
To post a comment you must log in.
I was reasonably sure this is a duplicate feature request, but I can't find the other one.
I'm not convinced this should be a checkbox, but rather should be something you set in config.php. The reason for this is that the last thing you really want when setting up a trust relationship with a remote site, is to have a clueless admin check the "I don't care how insecure they are" box while trying to make it work. I can just see far more people checking the box than for whom it's actually needed.
At least if the system admin can set it in config.php, it requires a bit more thought - and on average, someone more likely to understand the risks.
Alternatively, maybe it could end up in the UI somehow - but with dire warnings when it's switched on, similar to how firefox and newer browsers do it.