mahara-contributors team mailing list archive

Thread
Date

[Bug 1084351] Re: get_config('cacertinfo') will be null in default installs unless overridden, a default should be used

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Aaron Wells <1084351@xxxxxxxxxxxxxxxxxx>
Date: Tue, 22 Oct 2013 03:44:01 -0000
Reply-to: Bug 1084351 <1084351@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

What this config does is provides for PHP curl to verify the
certificates of HTTPS servers that it connects to. Without this, it
apparently just trusts anything.

We can perhaps copy the logic from
https://tracker.moodle.org/browse/MDL-39356 , where Moodle recently
implemented something similar. They appear to have included the
cacert.pem from http://curl.haxx.se/docs/caextract.html

** Information type changed from Public to Public Security

** Changed in: mahara
    Milestone: 1.8.0 => 1.8.1

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1084351

Title:
  get_config('cacertinfo') will be null in default installs unless
  overridden, a default should be used

Status in Mahara ePortfolio:
  Triaged

Bug description:
  htdocs/lib/web.php line 3532

  This config variable is both undocumented, and no default is given. I
  think that we should try and detect some reasonable default and give
  up if none possible. Documentation could also be good ;)

  It appears to be only used in that one place, as a flag to set up more
  checks.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1084351/+subscriptions

References

[Bug 1084351] [NEW] get_config('cacertinfo') will be null in default installs unless overridden, a default should be used
From: Hugh Davenport, 2012-11-29