From b960a24c3241a859342b69bb62e2f5dd1d3b0884 Mon Sep 17 00:00:00 2001
From: Ralf Becker <RalfBecker@outdoor-training.de>
Date: Wed, 7 Oct 2020 10:22:10 +0200
Subject: [PATCH] implement UDM_REST_INSECURE environment variable to UCS
 appliance with no valid cert yet

---
 api/src/Accounts/Univention/Udm.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/api/src/Accounts/Univention/Udm.php b/api/src/Accounts/Univention/Udm.php
index 0b9cd5dc7d..6cfbb49269 100644
--- a/api/src/Accounts/Univention/Udm.php
+++ b/api/src/Accounts/Univention/Udm.php
@@ -19,6 +19,9 @@ use EGroupware\Api;
 /**
  * Univention UDM REST Api
  *
+ * Environment variable UDM_REST_INSECURE=<not-empty> can be set to (temporary) disable certificate validation for UDM REST calls.
+ * Used by EGroupware UCS appliance, which does not yet have a final certificate during EGroupware installation.
+ *
  * @todo Use just UDM instead of still calling ldap/parent
  */
 class Udm
@@ -109,7 +112,8 @@ class Udm
 		$curlOpts = [
 			CURLOPT_URL => 'https://'.$this->host.($_path[0] !== '/' ? self::PREFIX : '').$_path,
 			CURLOPT_USERPWD => $this->user.':'.$this->config['ldap_root_pw'],
-			//CURLOPT_SSL_VERIFYHOST => 2,	// 0: to disable certificate check
+			CURLOPT_SSL_VERIFYHOST => empty($_SERVER['UDM_REST_INSECURE']) ? 2 : 0,	// 0: to disable certificate check
+			CURLOPT_SSL_VERIFYPEER => empty($_SERVER['UDM_REST_INSECURE']),
 			CURLOPT_HTTPHEADER => [
 				'Accept: application/json',
 			],