CAS SSL cert validation disabled by default??
-
I manage CAS at our institution, and one of my colleagues who runs wordpress asked me to look at this CAS client. Browsing through the code, I see:
if (method_exists($phpCas,’setNoCasServerValidation’))
phpCAS::setNoCasServerValidation();which appears to disable SSL certificate validation for the CAS server??? Am I misunderstanding something? This plugin is described as “One of the most secure CAS plugins for WordPress”, I’d hate to see how insecure the other ones are then 8-/.
- The topic ‘CAS SSL cert validation disabled by default??’ is closed to new replies.
