From a35fcf4b4ec8aafe8dec16d0549a43d1c36403a5 Mon Sep 17 00:00:00 2001
From: Nick Tucker <nkjtkr+mantis@googlemail.com>
Date: Sun, 4 Jan 2009 20:59:31 +0000
Subject: [PATCH] OpenId - specify ca certificate bundle


diff --git a/config_defaults_inc.php b/config_defaults_inc.php
index 7e1ea86..2580fb8 100644
--- a/config_defaults_inc.php
+++ b/config_defaults_inc.php
@@ -3429,3 +3429,11 @@
 	 * The name of the site that is registered with rpxnow.
 	 */
 	$g_openid_site_name = '';
+
+	/**
+	 * SSL CA Certificate Bundle.
+	 * If you get "Error performing HTTP request: SSL certificate problem, verify that the CA cert is OK.",
+	 * see http://curl.haxx.se/docs/caextract.html to create a recent certificate file.
+	 *
+	 */
+	$g_openid_ca_bundle = '';
diff --git a/core/classes/MantisOpenId.class.php b/core/classes/MantisOpenId.class.php
index dd1db5c..596ba43 100644
--- a/core/classes/MantisOpenId.class.php
+++ b/core/classes/MantisOpenId.class.php
@@ -246,6 +246,10 @@ class RPX {
         curl_setopt($curl, CURLOPT_WRITEFUNCTION,
                     array(&$this, "_writeResponseData"));
 
+        $ca = config_get( 'openid_ca_bundle' );
+        if ($ca != '') {
+            curl_setopt($curl, CURLOPT_CAINFO, $ca); // Set the location of the CA-bundle
+        }
         curl_exec($curl);
 
         $code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
-- 
1.5.6.4