Permalink
Browse files

MDL-36818 cas: improve SSL validation

  • Loading branch information...
1 parent 079364c commit 2093a0c3c325ffa07238b08250a8dbe2d0a517cd @thijskh thijskh committed with danpoltawski Oct 14, 2013
Showing with 2 additions and 2 deletions.
  1. +2 −2 auth/cas/CAS/CAS/client.php
@@ -2160,7 +2160,7 @@ function readURL($url,$cookies,&$headers,&$body,&$err_msg)
if ($this->_cas_server_cert != '' && $this->_cas_server_ca_cert != '') {
// This branch added by IDMS. Seems phpCAS implementor got a bit confused about the curl options CURLOPT_SSLCERT and CURLOPT_CAINFO
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSLCERT, $this->_cas_server_cert);
curl_setopt($ch, CURLOPT_CAINFO, $this->_cas_server_ca_cert);
curl_setopt($ch, CURLOPT_VERBOSE, '1');
@@ -2172,7 +2172,7 @@ function readURL($url,$cookies,&$headers,&$body,&$err_msg)
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_CAINFO, $this->_cas_server_ca_cert);
} else {
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
}

0 comments on commit 2093a0c

Please sign in to comment.