Merge pull request #586 from hcduffey/idp-validate-peer

IdPMetadataParser::parseRemoteXML - Add argument for setting whether to validate peer SSL certificate
SAML-Toolkits · Apr 26, 2024 · a5afccb · a5afccb
2 parents b58c5ee + 9156d1d
commit a5afccb
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/lib/Saml2/IdPMetadataParser.php b/lib/Saml2/IdPMetadataParser.php
@@ -25,7 +25,7 @@ class OneLogin_Saml2_IdPMetadataParser
      *
      * @return array metadata info in php-saml settings format
      */
-    public static function parseRemoteXML($url, $entityId = null, $desiredNameIdFormat = null, $desiredSSOBinding = OneLogin_Saml2_Constants::BINDING_HTTP_REDIRECT, $desiredSLOBinding = OneLogin_Saml2_Constants::BINDING_HTTP_REDIRECT)
+    public static function parseRemoteXML($url, $entityId = null, $desiredNameIdFormat = null, $desiredSSOBinding = OneLogin_Saml2_Constants::BINDING_HTTP_REDIRECT, $desiredSLOBinding = OneLogin_Saml2_Constants::BINDING_HTTP_REDIRECT, $validatePeer = false)
     {
         $metadataInfo = array();
 
@@ -37,7 +37,7 @@ public static function parseRemoteXML($url, $entityId = null, $desiredNameIdForm
             curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
             curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
             curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
-            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
+            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $validatePeer);
             curl_setopt($ch, CURLOPT_FAILONERROR, 1);
 
             $xml = curl_exec($ch);