What this config does is provides for PHP curl to verify the certificates of HTTPS servers that it connects to. Without this, it apparently just trusts anything.
We can perhaps copy the logic from https://tracker.moodle.org/browse/MDL-39356 , where Moodle recently implemented something similar. They appear to have included the cacert.pem from http://curl.haxx.se/docs/caextract.html ** Information type changed from Public to Public Security ** Changed in: mahara Milestone: 1.8.0 => 1.8.1 -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1084351 Title: get_config('cacertinfo') will be null in default installs unless overridden, a default should be used Status in Mahara ePortfolio: Triaged Bug description: htdocs/lib/web.php line 3532 This config variable is both undocumented, and no default is given. I think that we should try and detect some reasonable default and give up if none possible. Documentation could also be good ;) It appears to be only used in that one place, as a flag to set up more checks. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1084351/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
