From a842581c6d138dc0b13d8e9c670121058d532288 Mon Sep 17 00:00:00 2001 From: pookmish Date: Wed, 3 May 2017 14:09:19 -0700 Subject: [PATCH] added option to ignore ssl cert file (#131) * Allow user to set the path to the pem cert file. --- includes/CAPx/APILib/AbstractAPILib.php | 17 ++++++++++++++++- stanford_capx.forms.inc | 7 +++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/includes/CAPx/APILib/AbstractAPILib.php b/includes/CAPx/APILib/AbstractAPILib.php index 7568132d..592619d9 100644 --- a/includes/CAPx/APILib/AbstractAPILib.php +++ b/includes/CAPx/APILib/AbstractAPILib.php @@ -196,7 +196,22 @@ protected function makeRawRequest($endpoint, $params = array(), $extraOptions = } // Provide a default cert PEM. - $options['verify'] = drupal_get_path("module", "stanford_capx") . "/includes/CAPx/APILib/cacert.pem"; + $relative_pem_file = drupal_get_path("module", "stanford_capx") . "/includes/CAPx/APILib/cacert.pem"; + $absolute_pem_file = drupal_realpath($relative_pem_file); + $which_pem = variable_get('stanford_capx_verify_pem', FALSE); + + // Allow the option of using the bundled pem file. + if ($which_pem !== FALSE) { + + // If the user set the var to a string use that. Otherwise go with the + // default. + if (is_string($which_pem)) { + $options['verify'] = check_plain($which_pem); + } + else { + $options['verify'] = $absolute_pem_file; + } + } // This is bad idea. You should rely on the cert pem above. if (variable_get("stanford_capx_ignore_ssl", FALSE)) { diff --git a/stanford_capx.forms.inc b/stanford_capx.forms.inc index 7b0dd3bf..b106497d 100644 --- a/stanford_capx.forms.inc +++ b/stanford_capx.forms.inc @@ -2167,6 +2167,12 @@ function stanford_capx_config_auth_settings_form($form, &$form_state) { '#required' => TRUE, ); + $form['advanced']['stanford_capx_ignore_ssl'] = array( + '#type' => 'checkbox', + '#title' => t('Ignore included certification file'), + '#default_value' => variable_get("stanford_capx_ignore_ssl", FALSE), + ); + $form['#validate'][] = "stanford_capx_forms_connect_form_validate"; $form['#submit'][] = "stanford_capx_forms_connect_form_submit"; @@ -2222,6 +2228,7 @@ function stanford_capx_config_settings_form($form, &$form_state) { */ function stanford_capx_config_settings_form_submit($form, &$form_state) { $values = $form_state["values"]; + variable_set("stanford_capx_ignore_ssl", $values['stanford_capx_ignore_ssl']); variable_set("stanford_capx_batch_limit", check_plain($values['stanford_capx_batch_limit'])); variable_set("stanford_capx_default_field_format", check_plain($values['stanford_capx_default_field_format'])); }