Index: branches/5.2.x/core/units/helpers/curl_helper.php
===================================================================
diff -u -r16752 -r16790
--- branches/5.2.x/core/units/helpers/curl_helper.php	(.../curl_helper.php)	(revision 16752)
+++ branches/5.2.x/core/units/helpers/curl_helper.php	(.../curl_helper.php)	(revision 16790)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: curl_helper.php 16752 2022-11-09 15:56:04Z alex $
+* @version	$Id: curl_helper.php 16790 2024-06-17 16:30:14Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -12,6 +12,8 @@
 * See http://www.in-portal.org/license for copyright notices and details.
 */
 
+use Composer\CaBundle\CaBundle;
+
 	defined('FULL_PATH') or die('restricted access!');
 
 	class kCurlHelper extends kHelper {
@@ -39,18 +41,16 @@
 		/**
 		 * Response waiting timeout in seconds
 		 *
-		 * @var int
-		 * @access public
+		 * @var integer
 		 */
-		public $timeout = 90;
+		public $timeout;
 
 		/**
 		 * Follow to url, if redirect received instead of document (only works when open_basedir and safe mode is off)
 		 *
-		 * @var bool
-		 * @access public
+		 * @var boolean
 		 */
-		public $followLocation = false;
+		public $followLocation;
 
 		/**
 		 * Last response received by Curl
@@ -95,59 +95,69 @@
 		/**
 		 * Default request method
 		 *
-		 * @var int
-		 * @access protected
+		 * @var integer
 		 */
-		protected $requestMethod = self::REQUEST_METHOD_GET;
+		protected $requestMethod;
 
 		/**
 		 * Data to be sent using curl
 		 *
 		 * @var string
-		 * @access protected
 		 */
-		protected $requestData = '';
+		protected $requestData;
 
 		/**
 		 * Request headers (associative array)
 		 *
 		 * @var Array
-		 * @access protected
 		 */
-		protected $requestHeaders = Array ();
+		protected $requestHeaders;
 
 		/**
 		 * Response headers
 		 *
 		 * @var Array
-		 * @access protected
 		 */
-		protected $responseHeaders = Array ();
+		protected $responseHeaders;
 
 		/**
 		 * CURL options
 		 *
 		 * @var Array
-		 * @access protected
 		 */
-		protected $options = Array ();
+		protected $options;
 
 		/**
 		 * Indicates debug mode status
 		 *
-		 * @var bool
-		 * @access public
+		 * @var boolean
 		 */
-		public $debugMode = false;
+		public $debugMode;
 
 		/**
+		 * SSL Certificates file.
+		 *
+		 * @var string
+		 */
+		protected $sslCertificatesFile;
+
+		/**
+		 * Verify SSL certificates.
+		 *
+		 * @var boolean
+		 */
+		protected $verifySslCertificate;
+
+		/**
 		 * Creates an instance of kCurlHelper class
 		 */
 		public function __construct()
 		{
 			parent::__construct();
 
 			$this->debugMode = kUtil::constOn('DBG_CURL');
+
+			$this->_resetSettings();
 		}
 
 		/**
@@ -164,6 +174,8 @@
 			$this->requestHeaders = Array ();
 			$this->responseHeaders = Array ();
 			$this->options = Array ();
+			$this->sslCertificatesFile = CaBundle::getSystemCaRootBundlePath();
+			$this->verifySslCertificate = true;
 		}
 
 		/**
@@ -206,14 +218,20 @@
 				CURLOPT_REFERER => PROTOCOL.SERVER_NAME,
 				CURLOPT_MAXREDIRS => 5,
 
-				// don't verify SSL certificates
-				CURLOPT_SSL_VERIFYPEER => false,
-				CURLOPT_SSL_VERIFYHOST => false,
-
 				// Prevents CURL from adding "Expect: 100-continue" header for POST requests.
 				CURLOPT_HTTPHEADER => Array ('Expect:'),
 			);
 
+			if ( $this->verifySslCertificate ) {
+				$default_options[CURLOPT_SSL_VERIFYHOST] = 2;
+				$default_options[CURLOPT_SSL_VERIFYPEER] = true;
+				$default_options[CURLOPT_CAINFO] = $this->sslCertificatesFile;
+			}
+			else {
+				$default_options[CURLOPT_SSL_VERIFYHOST] = false;
+				$default_options[CURLOPT_SSL_VERIFYPEER] = false;
+			}
+
 			if ( isset($_SERVER['HTTP_USER_AGENT']) ) {
 				$default_options[CURLOPT_USERAGENT] = $_SERVER['HTTP_USER_AGENT'];
 			}
@@ -340,6 +358,37 @@
 		}
 
 		/**
+		 * Disables SSL certificate validation.
+		 *
+		 * @return void
+		 */
+		public function disableSslCertificateVerification()
+		{
+			$this->verifySslCertificate = false;
+		}
+
+		/**
+		 * Enable SSL certificate validation.
+		 *
+		 * @param string|null $certificates_file Certificates file.
+		 *
+		 * @return void
+		 * @throws RuntimeException When given certificates file doesn't exist on disk.
+		 */
+		public function enableSslCertificateVerification($certificates_file = null)
+		{
+			$this->verifySslCertificate = true;
+
+			if ( $certificates_file !== null ) {
+				if ( !file_exists($certificates_file) ) {
+					throw new RuntimeException('The "' . $certificates_file . '" file does not exist.');
+				}
+
+				$this->sslCertificatesFile = $certificates_file;
+			}
+		}
+
+		/**
 		 * Performs CURL request and returns it's result
 		 *
 		 * @param string $url