NativeSPTransportOption

The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.

The <TransportOption> element allows implementation-specific properties to be passed into the SOAP transport implementation class, bypassing the usual abstractions.

This is a powerful but dangerous feature. Used improperly, it can quite easily induce crashes.

<TransportOption provider="CURL" option="100">2</TransportOption>

General Attributes

  • provider(string)

    • Identifies the transport implementation the option is intended to be passed into. "CURL" is generally supported, and "OpenSSL" is supported in Version 2.4 and higher.

CURL Provider

When provider is set to "CURL", the following information applies.

Attributes

  • option(string)

    • A CURL option number, which can be determined by examining the curl.h header file or the curl_easy_init man page. Find below a list of options:

Element Content

The content of the element is an option-specific string that depends on the option being set.

Examples

Restrict transport to IPv4
<TransportOption provider="CURL" option="113">1</TransportOption>

Set transport timeout in seconds
<TransportOption provider="CURL" option="13">120</TransportOption>

Set HTTP proxy address
<TransportOption provider="CURL" option="10004">proxy.example.org:8080</TransportOption>

Verify SSL certificate
<!-- Known to work with curl 7.26 and GnuTLS 2.12.20 (Debian 7.0) -->
<TransportOption provider="CURL" option="64">1</TransportOption>
<TransportOption provider="CURL" option="81">2</TransportOption>
<TransportOption provider="CURL" option="10065">/etc/ssl/certs/ca-certificates.crt</TransportOption>

OpenSSL Provider (Version 2.4 and Above)

When provider is set to "OpenSSL", the following information applies.

Attributes

  • option(string)

    • The only supported value is currently "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION". If the element content is "1" or "true", this causes the option for unsafe renegotiation to be applied, allowing interop with older servers when using very recent versions of OpenSSL.

Element Content

The content of the element is an option-specific string that depends on the option being set.
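
Because the option numbers are opaque, a weakened TLS setting is easy to miss in review. The following is an added example, not part of the original page or the Shibboleth code base: a small audit script that names the CURL option numbers used in the examples above (names taken from curl.h) and flags certificate verification that is switched off or reduced, as well as the OpenSSL unsafe renegotiation option. The function name, the <Sample> wrapper element and the sample values are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Names for the CURL option numbers used in this page's examples (from curl.h).
CURL_NAMES = {
    "13": "CURLOPT_TIMEOUT", "113": "CURLOPT_IPRESOLVE",
    "64": "CURLOPT_SSL_VERIFYPEER", "81": "CURLOPT_SSL_VERIFYHOST",
    "10004": "CURLOPT_PROXY", "10065": "CURLOPT_CAINFO",
}
TRUE_VALUES = {"1", "true"}  # element content the page says enables the OpenSSL option


def audit_transport_options(xml_text):
    """Return (findings, unknown) for every <TransportOption> in xml_text."""
    findings, unknown = [], []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "TransportOption":
            continue  # match on local name so namespaced configs work too
        provider = el.get("provider", "")
        option = el.get("option", "")
        value = (el.text or "").strip()
        if provider == "CURL":
            name = CURL_NAMES.get(option)
            if name is None:
                unknown.append(option)  # not in the table: look it up in curl.h by hand
            elif name == "CURLOPT_SSL_VERIFYPEER" and value == "0":
                findings.append("CURLOPT_SSL_VERIFYPEER=0: peer certificate not verified")
            elif name == "CURLOPT_SSL_VERIFYHOST" and value != "2":
                findings.append(f"CURLOPT_SSL_VERIFYHOST={value}: expected 2 (full host name check)")
        elif (provider == "OpenSSL" and value in TRUE_VALUES
              and option == "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION"):
            findings.append("OpenSSL unsafe legacy renegotiation enabled")
    return findings, unknown


# Constructed sample: the page's "verify" settings weakened, plus the OpenSSL option.
SAMPLE = """<Sample>
  <TransportOption provider="CURL" option="64">0</TransportOption>
  <TransportOption provider="CURL" option="81">1</TransportOption>
  <TransportOption provider="CURL" option="10065">/etc/ssl/certs/ca-certificates.crt</TransportOption>
  <TransportOption provider="CURL" option="100">2</TransportOption>
  <TransportOption provider="OpenSSL" option="SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION">true</TransportOption>
</Sample>"""

if __name__ == "__main__":
    found, unmapped = audit_transport_options(SAMPLE)
    print("\n".join(found))
    print("unmapped CURL options:", unmapped)
```

Option numbers that are not in the table are returned separately so they can be checked against curl.h rather than silently passed.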