MDL-36818 cas: improve SSL validation
authorThijs Kinkhorst <thijs@uvt.nl>
Mon, 14 Oct 2013 02:10:11 +0000 (10:10 +0800)
committerDan Poltawski <dan@moodle.com>
Mon, 14 Oct 2013 02:13:14 +0000 (10:13 +0800)
auth/cas/CAS/CAS/client.php

index 74d6893..d5c4212 100644 (file)
@@ -2160,7 +2160,7 @@ class CASClient
                if ($this->_cas_server_cert != '' && $this->_cas_server_ca_cert != '') {
                        // This branch added by IDMS. Seems phpCAS implementor got a bit confused about the curl options CURLOPT_SSLCERT and CURLOPT_CAINFO
                        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
-                       curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
+                       curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
                        curl_setopt($ch, CURLOPT_SSLCERT, $this->_cas_server_cert);
                        curl_setopt($ch, CURLOPT_CAINFO, $this->_cas_server_ca_cert);
                        curl_setopt($ch, CURLOPT_VERBOSE, '1');
@@ -2172,7 +2172,7 @@ class CASClient
                        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
                        curl_setopt($ch, CURLOPT_CAINFO, $this->_cas_server_ca_cert);
                } else {
-                       curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
+                       curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
                        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
                }