SAML2_SOAPClient: Add option to disable the inclusion of client certificates.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2750 44740490-163a-0410-bde0-09ae8108e29a

1 files changed, 6 insertions, 3 deletions

diff --git a/lib/SAML2/SOAPClient.php b/lib/SAML2/SOAPClient.php
index fc1824f..15b0690 100644
--- a/lib/SAML2/SOAPClient.php
+++ b/lib/SAML2/SOAPClient.php
@@ -31,9 +31,12 @@ class SAML2_SOAPClient {
 
 		// Determine if we are going to do a MutualSSL connection between the IdP and SP  - Shoaib
 		if ($srcMetadata->hasValue('saml.SOAPClient.certificate')) {
-			$ctxOpts['ssl']['local_cert'] = SimpleSAML_Utilities::resolveCert($srcMetadata->getString('saml.SOAPClient.certificate'));
-			if ($srcMetadata->hasValue('saml.SOAPClient.privatekey_pass')) {
-				$ctxOpts['ssl']['passphrase'] = $srcMetadata->getString('saml.SOAPClient.privatekey_pass');
+			$cert = $srcMetadata->getValue('saml.SOAPClient.certificate');
+			if ($cert !== FALSE) {
+				$ctxOpts['ssl']['local_cert'] = SimpleSAML_Utilities::resolveCert($srcMetadata->getString('saml.SOAPClient.certificate'));
+				if ($srcMetadata->hasValue('saml.SOAPClient.privatekey_pass')) {
+					$ctxOpts['ssl']['passphrase'] = $srcMetadata->getString('saml.SOAPClient.privatekey_pass');
+				}
 			}
 		} else {
 			/* Use the SP certificate and privatekey if it is configured. */