From 2c12d837c693a816541d32dd044de5277a46336d Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@pobox.com>
Date: Fri, 21 May 2010 10:12:39 -0700
Subject: Disable SSL peer/hostname verification for HTTPClient unless we've
 configured a trusted CA bundle like this: $config['http']['ssl_cafile'] =
 '/usr/lib/ssl/certs/ca-certificates.crt'; The previous state was failing on
 all HTTPS hits due to HTTP_Request2 library turning on the validation check
 but not specifying a CA file.

---
 lib/default.php | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'lib/default.php')

diff --git a/lib/default.php b/lib/default.php
index ab5f294de..950c6018d 100644
--- a/lib/default.php
+++ b/lib/default.php
@@ -304,4 +304,7 @@ $default =
         array('subscribers' => true,
               'members' => true,
               'peopletag' => true),
+        'http' => // HTTP client settings when contacting other sites
+        array('ssl_cafile' => false // To enable SSL cert validation, point to a CA bundle (eg '/usr/lib/ssl/certs/ca-certificates.crt')
+              ),
         );
-- 
cgit v1.2.3-54-g00ecf