
CA certificate without client certificate #3

@StefanWerner23

I want to use IXR_ClientSSL for sending XML-RPC requests to another server over HTTPS without using a client certificate. This is currently not possible, because IXR_ClientSSL::query() requires both a client and a CA certificate. If no client certificate is set (IXR_ClientSSL::setCertificate()), then setting the CA certificate is skipped, which results in a connection error "unable to get local issuer certificate".

I just want to set the CA certificate to verify the server without using a client certificate, so I think the lines:

if ($this->_caFile === false) {
    // Don't verify their certificate, as we don't have a CA to verify against
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
} else {
    // Verify against a CA
    curl_setopt($curl, CURLOPT_CAINFO, $this->_caFile);
}

should be independent from the block "if (!($this->_certFile === false)) {"

Is this correct?

Edit: I think the following line should be added in addition to CURLOPT_SSL_VERIFYHOST to disable server certificate checks if no CA certificate is given:

curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
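
An added example, not part of the original issue or of the IXR code base: one way to set the CA file and the client certificate independently of each other, as the issue asks. The function name `buildTlsOptions()` and its parameters are hypothetical, and it assumes that when no CA file is given, verification stays enabled and cURL falls back to its default CA bundle.

```php
<?php
// Added example: hypothetical helper, not IXR_ClientSSL code.
// Server verification (CA file) and client authentication (certificate/key)
// are decided separately, so a CA file works without a client certificate.
function buildTlsOptions($caFile = false, $certFile = false, $keyFile = false)
{
    // Assumption of this example: the peer chain and host name are always checked.
    $opts = [
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
    ];

    if ($caFile !== false) {
        // Fail early instead of surfacing a vague TLS error at connect time.
        if (!is_readable($caFile)) {
            throw new InvalidArgumentException("CA file not readable: $caFile");
        }
        $opts[CURLOPT_CAINFO] = $caFile; // verify the server against this CA
    }
    // No CA file: CURLOPT_CAINFO stays unset and cURL uses its default bundle.

    if ($certFile !== false) {
        $opts[CURLOPT_SSLCERT] = $certFile; // client certificate is optional
        if ($keyFile !== false) {
            $opts[CURLOPT_SSLKEY] = $keyFile;
        }
    }
    return $opts;
}

// Constructed demo input: an empty temporary file stands in for a CA bundle.
$demoCa = tempnam(sys_get_temp_dir(), 'ca_');

$caOnly = buildTlsOptions($demoCa);                 // CA file, no client cert
$both   = buildTlsOptions($demoCa, '/path/to/client.pem', '/path/to/client.key');
$none   = buildTlsOptions();                        // default CA bundle

var_dump(isset($caOnly[CURLOPT_CAINFO]), isset($caOnly[CURLOPT_SSLCERT]));
var_dump(isset($both[CURLOPT_SSLCERT]), $none[CURLOPT_SSL_VERIFYPEER]);

if (extension_loaded('curl')) {
    $curl = curl_init('https://example.invalid/xmlrpc'); // placeholder URL
    curl_setopt_array($curl, $caOnly);                   // apply in one call
    curl_close($curl);
}
unlink($demoCa);
```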
