Details
- Bug
- Resolution: Answered
- High
- None
- 2.2.7, 2.3.1
- None
Description
The issue:
When using self-signed certificates for SSL, the Apache mod_authnz_crowd module (Crowd Apache Connector) rejects the certificate regardless of configuration on the Crowd server.
The symptoms:
When setting CrowdURL to an https value in Apache you will receive a 500 error through the browser. Looking in the Apache error_log you will see: "Failed to send authentication request (CURLcode 60)". This is returned by the CURL library that the module uses to make its connection, and error code 60 from the CURL library can be found here: http://curl.haxx.se/libcurl/c/libcurl-errors.html
CURLE_SSL_CACERT (60) - Peer certificate cannot be authenticated with known CA certificates.
A quick look at the CURL manual (http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTSSLVERIFYPEER) reveals: "This option determines whether curl verifies the authenticity of the peer's certificate. A value of 1 means curl verifies; 0 (zero) means it doesn't."
The Solution:
See attached patch file; simple one-liner fix.