From a1cf355f962305cf7fc880e8c5a4280aa4eee14b Mon Sep 17 00:00:00 2001
From: Toshio Kuratomi <toshio@fedoraproject.org>
Date: Fri, 6 Feb 2009 07:32:22 -0800
Subject: [PATCH] Coment VERIFYHOST/VERIFYPEER so curl will default to
 verifying the server's certificate.

---
 scripts/Auth_FAS_MediaWiki/Auth_FAS.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/scripts/Auth_FAS_MediaWiki/Auth_FAS.php b/scripts/Auth_FAS_MediaWiki/Auth_FAS.php
index 609c3de..739a7b7 100644
--- a/scripts/Auth_FAS_MediaWiki/Auth_FAS.php
+++ b/scripts/Auth_FAS_MediaWiki/Auth_FAS.php
@@ -15,10 +15,11 @@
 			curl_setopt($ch, CURLOPT_POSTFIELDS, "username=".urlencode($username)."&user_name=".urlencode($username)."&password=".urlencode($password)."&login=Login");
 			curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 			curl_setopt($ch, CURLOPT_VERBOSE, 0);
-			# I hate chained certificates
-			curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
-			# This is only required because of the wildcard cert on pt10
-			curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
+            # The following two lines need to be enabled when using a test FAS
+            # with an invalid cert.  Otherwise they should be commented (or 
+            # set to True) for security.
+			#curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
+			#curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
 			$response = json_decode(curl_exec($ch), true);
 			curl_close ($ch);