From 783977b6787652be38959832883d2b84eb29115d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= <fpeters@entrouvert.com>
Date: Tue, 17 Feb 2015 11:53:53 +0100
Subject: [PATCH 2/2] misc: add a settings option to disable https ssl checks
 (#6539)

---
 src/authentic2/app_settings.py | 1 +
 src/authentic2/http_utils.py   | 8 ++++++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/authentic2/app_settings.py b/src/authentic2/app_settings.py
index a2161f5..f36c1fc 100644
--- a/src/authentic2/app_settings.py
+++ b/src/authentic2/app_settings.py
@@ -153,6 +153,7 @@ default_settings = dict(
     A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_MAX_DURATION=Setting(default=3600,
             definition='exponential backoff maximum duration as seconds until '
             'time until next try after a login failure'),
+    A2_VERIFY_SSL=Setting(default=True, definition='Verify SSL certificate in HTTP requests'),
 )
 
 app_settings = AppSettings(default_settings)
diff --git a/src/authentic2/http_utils.py b/src/authentic2/http_utils.py
index dd89c2e..a5bc39d 100644
--- a/src/authentic2/http_utils.py
+++ b/src/authentic2/http_utils.py
@@ -25,8 +25,12 @@ def get_url_pycurl(url):
         c.setopt(c.WRITEFUNCTION, buf.write)
         c.setopt(pycurl.CAINFO, app_settings.CAFILE)
         c.setopt(pycurl.CAPATH, app_settings.CAPATH)
-        c.setopt(pycurl.SSL_VERIFYHOST, 2)
-        c.setopt(pycurl.SSL_VERIFYPEER, 1)
+        if app_settings.A2_VERIFY_SSL:
+            c.setopt(pycurl.SSL_VERIFYHOST, 2)
+            c.setopt(pycurl.SSL_VERIFYPEER, 1)
+        else:
+            c.setopt(pycurl.SSL_VERIFYHOST, 0)
+            c.setopt(pycurl.SSL_VERIFYPEER, 0)
         c.perform()
         r = buf.getvalue()
         buf.close()
-- 
2.1.4