mahara-contributors team mailing list archive

[Mahara Bot <888436@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://reviews.mahara.org/838
Committed: http://gitorious.org/mahara/mahara/commit/cd47920eedcf03ac93e690de407da7044737b683
Submitter: Richard Mansfield (richardm@xxxxxxxxxx)
Branch:    master

commit cd47920eedcf03ac93e690de407da7044737b683
Author: Francois Marier <francois@xxxxxxxxxxxxxxx>
Date:   Thu Nov 10 20:40:18 2011 +1300

    MNet: Remove unnecessary SSL certificate checks (bug #888436)
    
    These CA checks prevent the use of self-signed certificates with
    MNet despite the fact that we wrap everything inside public key
    crypto.
    
    This change makes the Mahara implementation match the way that this
    is done in Moodle.
    
    Change-Id: Ia190cd4d40da5e7a5acf3c0fe2104f80c6df9f78
    Signed-off-by: Francois Marier <francois@xxxxxxxxxxxxxxx>

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/888436

Title:
  MNet contains superfluous SSL cert checks

Status in Mahara ePortfolio:
  In Progress

Bug description:
  MNet in Mahara has these curl options set:

    CURLOPT_SSL_VERIFYHOST = 2
    CURLOPT_SSL_VERIFYPEER = true

  whereas Moodle has:

    CURLOPT_SSL_VERIFYHOST = 0
    CURLOPT_SSL_VERIFYPEER = false

  Since we are already using public key crypto to authenticate and
  encrypt communications between sites, I think we can remove this
  superfluous check which incidentally prevents people from using self-
  signed SSL certs to protect their sites.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/888436/+subscriptions