From 9dbe364494e45d4f1390679001b2474c96cb4abf Mon Sep 17 00:00:00 2001
From: Sixto Martin
Date: Mon, 13 May 2024 11:47:46 +0200
Subject: [PATCH] #586 IdPMetadataParser::parseRemoteXML - Add argument for setting whether to validate peer SSL certificate
---
 src/Saml2/IdPMetadataParser.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/Saml2/IdPMetadataParser.php b/src/Saml2/IdPMetadataParser.php
index be532ae5..58c7a410 100644
--- a/src/Saml2/IdPMetadataParser.php
+++ b/src/Saml2/IdPMetadataParser.php
@@ -36,10 +36,11 @@ class IdPMetadataParser
 * @param string $desiredNameIdFormat If available on IdP metadata, use that nameIdFormat
 * @param string $desiredSSOBinding Parse specific binding SSO endpoint
 * @param string $desiredSLOBinding Parse specific binding SLO endpoint
+ * @param bool $validatePeer Enable or disable validate peer SSL certificate
 *
 * @return array metadata info in php-saml settings format
 */
- public static function parseRemoteXML($url, $entityId = null, $desiredNameIdFormat = null, $desiredSSOBinding = Constants::BINDING_HTTP_REDIRECT, $desiredSLOBinding = Constants::BINDING_HTTP_REDIRECT)
+ public static function parseRemoteXML($url, $entityId = null, $desiredNameIdFormat = null, $desiredSSOBinding = Constants::BINDING_HTTP_REDIRECT, $desiredSLOBinding = Constants::BINDING_HTTP_REDIRECT, $validatePeer = false)
 {
 $metadataInfo = array();
@@ -51,7 +52,7 @@ public static function parseRemoteXML($url, $entityId = null, $desiredNameIdForm
 curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $validatePeer);
 curl_setopt($ch, CURLOPT_FAILONERROR, 1);
 $xml = curl_exec($ch);
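Review bot: The new `$validatePeer` parameter defaults to `false` in the `parseRemoteXML` signature, so every existing caller still downloads IdP metadata without checking the server certificate, and the returned settings array is what the SP will go on to trust. If the default is kept for backward compatibility, the docblock should say so and state the consequence, e.g. `@param bool $validatePeer Verify the peer's TLS certificate. Defaults to false for backward compatibility; pass true unless the URL is only reachable over a trusted network`. The same default flows into the `CURLOPT_SSL_VERIFYPEER` line in the second hunk. The function body continues outside this hunk.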
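Review bot: `CURLOPT_FOLLOWLOCATION` stays enabled right above the changed `CURLOPT_SSL_VERIFYPEER` line and nothing visible in this hunk restricts redirect targets, so a caller passing `$validatePeer = true` may still be redirected to a plain `http://` URL where no certificate is checked at all. When validation is requested, adding `curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS);` would close that gap. Casting the argument, `(bool) $validatePeer`, would also keep a non-boolean value from reaching curl unchanged. The curl setup starts before the hunk, so a restriction may already exist there.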