Bug #21040
closed
OpenID login does uses cURL even if was not defined in TYPO3_CONF_VARS
0%
Description
The 3rd party library used for the system extension openid offers some HTTP-Fetchers to execute requests to an OpenID provider. However, if curl_init() ist available on the webserver, it is used without considering the setting in $GLOBALS['TYPO3_CONF_VARS']['SYS']['curlUse'].
I realized that problem by using an OpenID starting with 'https://', having a cURL version without HTTPS support and the disabled curlUse setting - the result was, that I could not login to the backend anymore.
The OpenID library provides a constant 'Auth_Yadis_CURL_OVERRIDE' which disables the disposal of cURL.
only testet for BackendLogin by Oliver
(issue imported from #M11932)
Files
Updated by Oliver Hader over 14 years ago
The reason is that the OpenId AuthService has a higher priority than the RSAAuthService. Thus, the OpenId service should use the username (not userident) directly or decode the userident if RSAAuth is used...
Updated by Oliver Hader over 14 years ago
Update... no problem with RSAAuth here...
The problem was using the HTTPS protocol on the OpenId. On my local system I did not have cURL installed with HTTPS support - thus the OpenId Discover action failed silently...