SAML2_SOAPClient: Add option to disable the inclusion of client certificates.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2750 44740490-163a-0410-bde0-09ae8108e29a

lib/SAML2/SOAPClient.php

@@ -31,9 +31,12 @@ class SAML2_SOAPClient {
 
 		// Determine if we are going to do a MutualSSL connection between the IdP and SP  - Shoaib
 		if ($srcMetadata->hasValue('saml.SOAPClient.certificate')) {
-			$ctxOpts['ssl']['local_cert'] = SimpleSAML_Utilities::resolveCert($srcMetadata->getString('saml.SOAPClient.certificate'));
-			if ($srcMetadata->hasValue('saml.SOAPClient.privatekey_pass')) {
-				$ctxOpts['ssl']['passphrase'] = $srcMetadata->getString('saml.SOAPClient.privatekey_pass');
+			$cert = $srcMetadata->getValue('saml.SOAPClient.certificate');
+			if ($cert !== FALSE) {
+				$ctxOpts['ssl']['local_cert'] = SimpleSAML_Utilities::resolveCert($srcMetadata->getString('saml.SOAPClient.certificate'));
+				if ($srcMetadata->hasValue('saml.SOAPClient.privatekey_pass')) {
+					$ctxOpts['ssl']['passphrase'] = $srcMetadata->getString('saml.SOAPClient.privatekey_pass');
+				}
 			}
 		} else {
 			/* Use the SP certificate and privatekey if it is configured. */

modules/saml/docs/sp.txt

@@ -241,6 +241,8 @@ Options
 :   A file with a certificate _and_ private key that should be used when issuing SOAP requests from this SP.
     If this option isn't specified, the SP private key and certificate will be used.
 
+:   This option can also be set to `FALSE`, in which case no client certificate will be used.
+
 `saml.SOAPClient.privatekey_pass`
 :   The passphrase of the privatekey in `saml.SOAPClient.certificate`.