3 files changed, 31 insertions, 0 deletions

diff --git a/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd b/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd
index 3164ec5..9913017 100644
--- a/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd
+++ b/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd
@@ -206,6 +206,14 @@
 								</xs:documentation>
 							</xs:annotation>
 						</xs:attribute>
+						<xs:attribute name="relaxSslRequirements" type="xs:boolean" default="false">
+							<xs:annotation>
+								<xs:documentation>
+									Whether SSL requirements within the library are disabled/relaxed.
+									Use for TESTING ONLY.
+								</xs:documentation>
+							</xs:annotation>
+						</xs:attribute>
 					</xs:complexType>
 				</xs:element>
 				<xs:element name="openid">
diff --git a/src/DotNetOpenAuth/Configuration/MessagingElement.cs b/src/DotNetOpenAuth/Configuration/MessagingElement.cs
index 9e957fe..cdb4dc2 100644
--- a/src/DotNetOpenAuth/Configuration/MessagingElement.cs
+++ b/src/DotNetOpenAuth/Configuration/MessagingElement.cs
@@ -32,6 +32,11 @@ namespace DotNetOpenAuth.Configuration {
 		private const string MaximumClockSkewConfigName = "clockSkew";
 
 		/// <summary>
+		/// The name of the attribute that indicates whether to disable SSL requirements across the library.
+		/// </summary>
+		private const string RelaxSslRequirementsConfigName = "relaxSslRequirements";
+
+		/// <summary>
 		/// Gets the actual maximum message lifetime that a program should allow.
 		/// </summary>
 		/// <value>The sum of the <see cref="MaximumMessageLifetime"/> and 
@@ -83,6 +88,16 @@ namespace DotNetOpenAuth.Configuration {
 		}
 
 		/// <summary>
+		/// Gets or sets a value indicating whether SSL requirements within the library are disabled/relaxed.
+		/// Use for TESTING ONLY.
+		/// </summary>
+		[ConfigurationProperty(RelaxSslRequirementsConfigName, DefaultValue = false)]
+		internal bool RelaxSslRequirements {
+			get { return (bool)this[RelaxSslRequirementsConfigName]; }
+			set { this[RelaxSslRequirementsConfigName] = value; }
+		}
+
+		/// <summary>
 		/// Gets or sets the configuration for the <see cref="UntrustedWebRequestHandler"/> class.
 		/// </summary>
 		/// <value>The untrusted web request.</value>
diff --git a/src/DotNetOpenAuth/OpenId/Behaviors/GsaIcamProfile.cs b/src/DotNetOpenAuth/OpenId/Behaviors/GsaIcamProfile.cs
index 20c207f..97a55c1 100644
--- a/src/DotNetOpenAuth/OpenId/Behaviors/GsaIcamProfile.cs
+++ b/src/DotNetOpenAuth/OpenId/Behaviors/GsaIcamProfile.cs
@@ -9,6 +9,7 @@ namespace DotNetOpenAuth.OpenId.Behaviors {
 	using System.Diagnostics.CodeAnalysis;
 	using System.Diagnostics.Contracts;
 	using System.Linq;
+	using DotNetOpenAuth.Configuration;
 	using DotNetOpenAuth.Messaging;
 	using DotNetOpenAuth.OpenId.Extensions.AttributeExchange;
 	using DotNetOpenAuth.OpenId.Extensions.ProviderAuthenticationPolicy;
@@ -34,6 +35,13 @@ namespace DotNetOpenAuth.OpenId.Behaviors {
 		private static readonly TimeSpan MaximumAssociationLifetime = TimeSpan.FromSeconds(86400);
 
 		/// <summary>
+		/// Initializes static members of the <see cref="GsaIcamProfile"/> class.
+		/// </summary>
+		static GsaIcamProfile() {
+			DisableSslRequirement = DotNetOpenAuthSection.Configuration.Messaging.RelaxSslRequirements;
+		}
+
+		/// <summary>
 		/// Initializes a new instance of the <see cref="GsaIcamProfile"/> class.
 		/// </summary>
 		public GsaIcamProfile() {