auth/cas: MDL-25062 CAS authentication plugin does not validate the CAS server certif...
authorInaki <iarenuno@eteo.mondragon.edu>
Thu, 18 Nov 2010 00:12:23 +0000 (00:12 +0000)
committerInaki <iarenuno@eteo.mondragon.edu>
Thu, 18 Nov 2010 00:12:23 +0000 (00:12 +0000)
commit387d1dc0d506d6a41c578976a2bf6bfb06be47a0
tree27ae074af0533d96eab63870412342acf5f7418f
parent80c2a742b6dc60cd7c1bbf1f6048b7152a3e5c44
auth/cas: MDL-25062 CAS authentication plugin does not validate the CAS server certificate

The CAS protocol security model requires that you verify the cas server
certificate before you trust the answer (valid authentication and username
etc.).

Credit goes to Joachim Fritschi for reporting it and providing a patch.
auth/cas/auth.php
auth/cas/config.html
auth/cas/lang/en/auth_cas.php