mahara-contributors team mailing list archive

[François Marier <francois@xxxxxxxxxx>]

Public bug reported:

MNet in Mahara has these curl options set:

  CURLOPT_SSL_VERIFYHOST = 2
  CURLOPT_SSL_VERIFYPEER = true

whereas Moodle has:

  CURLOPT_SSL_VERIFYHOST = 0
  CURLOPT_SSL_VERIFYPEER = false

Since we are already using public key crypto to authenticate and encrypt
communications between sites, I think we can remove this superfluous
check which incidentally prevents people from using self-signed SSL
certs to protect their sites.

** Affects: mahara
     Importance: Medium
     Assignee: François Marier (fmarier)
         Status: In Progress


** Tags: mnet

** Changed in: mahara
       Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/888436

Title:
  MNet contains superfluous SSL cert checks

Status in Mahara ePortfolio:
  In Progress

Bug description:
  MNet in Mahara has these curl options set:

    CURLOPT_SSL_VERIFYHOST = 2
    CURLOPT_SSL_VERIFYPEER = true

  whereas Moodle has:

    CURLOPT_SSL_VERIFYHOST = 0
    CURLOPT_SSL_VERIFYPEER = false

  Since we are already using public key crypto to authenticate and
  encrypt communications between sites, I think we can remove this
  superfluous check which incidentally prevents people from using self-
  signed SSL certs to protect their sites.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/888436/+subscriptions