Disable SSL Verification for SSO in Mahara

By default Mahara will attempt verify SSL for SSO Partners, for example moodle.  This can result in an error screen when Moodle users try to navigate to Mahara if your Moodle server uses a self signed certificate.

To turn off SSL Verification you'll need to edit 2 files and add the following content

\mahara\api\xmlrpc\client.php:


if (strpos($URL, 'https://') === 0) {
            if ($cainfo = get_config('cacertinfo')) {
                curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
                curl_setopt($ch, CURLOPT_CAINFO, $cainfo);
            }



\mahara\api\xmlrpc\lib.php:



$config = array(
        CURLOPT_URL => $uri . $xmlrpcserverurl,
        CURLOPT_POST => true,
        CURLOPT_USERAGENT => 'Moodle',
        CURLOPT_POSTFIELDS => $rq,
        CURLOPT_HTTPHEADER => array("Content-Type: text/xml charset=UTF-8", 'Expect: '),
    );


$config[CURLOPT_SSL_VERIFYPEER] = false;
$config[CURLOPT_SSL_VERIFYHOST] = 0;

    $result = mahara_http_request($config);