Index: branches/5.2.x/composer.json
===================================================================
diff -u -r16769 -r16790
--- branches/5.2.x/composer.json	(.../composer.json)	(revision 16769)
+++ branches/5.2.x/composer.json	(.../composer.json)	(revision 16790)
@@ -5,7 +5,8 @@
 		"paragonie/random_compat": "^2.0",
 		"symfony/polyfill-php55": "^1.19",
 		"symfony/polyfill-php56": "^1.19",
-		"mtdowling/cron-expression": "dev-master"
+		"mtdowling/cron-expression": "dev-master",
+		"composer/ca-bundle": "^1.4"
 	},
 	"require-dev": {
 		"behat/mink": "^1.7",
Index: branches/5.2.x/composer.lock
===================================================================
diff -u -r16769 -r16790
--- branches/5.2.x/composer.lock	(.../composer.lock)	(revision 16769)
+++ branches/5.2.x/composer.lock	(.../composer.lock)	(revision 16790)
@@ -4,9 +4,85 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "e44d657cbe6f1c15496b087609a60d98",
+    "content-hash": "922fac12a67a2841a04bbbc90747f1e5",
     "packages": [
         {
+            "name": "composer/ca-bundle",
+            "version": "1.4.2",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/composer/ca-bundle.git",
+                "reference": "18fc0ab083a48f85bfee31f3786537353b8a8403"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/composer/ca-bundle/zipball/18fc0ab083a48f85bfee31f3786537353b8a8403",
+                "reference": "18fc0ab083a48f85bfee31f3786537353b8a8403",
+                "shasum": ""
+            },
+            "require": {
+                "ext-openssl": "*",
+                "ext-pcre": "*",
+                "php": "^5.3.2 || ^7.0 || ^8.0"
+            },
+            "require-dev": {
+                "phpstan/phpstan": "^0.12.55",
+                "psr/log": "^1.0",
+                "symfony/phpunit-bridge": "^4.2 || ^5",
+                "symfony/process": "^2.5 || ^3.0 || ^4.0 || ^5.0 || ^6.0 || ^7.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-main": "1.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Composer\\CaBundle\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Jordi Boggiano",
+                    "email": "j.boggiano@seld.be",
+                    "homepage": "http://seld.be"
+                }
+            ],
+            "description": "Lets you find a path to the system CA bundle, and includes a fallback to the Mozilla CA bundle.",
+            "keywords": [
+                "cabundle",
+                "cacert",
+                "certificate",
+                "ssl",
+                "tls"
+            ],
+            "support": {
+                "irc": "irc://irc.freenode.org/composer",
+                "issues": "https://github.com/composer/ca-bundle/issues",
+                "source": "https://github.com/composer/ca-bundle/tree/1.4.2"
+            },
+            "funding": [
+                {
+                    "url": "https://packagist.com",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/composer",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/composer/composer",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2024-03-14T13:20:33+00:00"
+        },
+        {
             "name": "ircmaxell/password-compat",
             "version": "v1.0.4",
             "source": {
Index: branches/5.2.x/core/units/helpers/curl_helper.php
===================================================================
diff -u -r16752 -r16790
--- branches/5.2.x/core/units/helpers/curl_helper.php	(.../curl_helper.php)	(revision 16752)
+++ branches/5.2.x/core/units/helpers/curl_helper.php	(.../curl_helper.php)	(revision 16790)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: curl_helper.php 16752 2022-11-09 15:56:04Z alex $
+* @version	$Id: curl_helper.php 16790 2024-06-17 16:30:14Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -12,6 +12,8 @@
 * See http://www.in-portal.org/license for copyright notices and details.
 */
 
+use Composer\CaBundle\CaBundle;
+
 	defined('FULL_PATH') or die('restricted access!');
 
 	class kCurlHelper extends kHelper {
@@ -39,18 +41,16 @@
 		/**
 		 * Response waiting timeout in seconds
 		 *
-		 * @var int
-		 * @access public
+		 * @var integer
 		 */
-		public $timeout = 90;
+		public $timeout;
 
 		/**
 		 * Follow to url, if redirect received instead of document (only works when open_basedir and safe mode is off)
 		 *
-		 * @var bool
-		 * @access public
+		 * @var boolean
 		 */
-		public $followLocation = false;
+		public $followLocation;
 
 		/**
 		 * Last response received by Curl
@@ -95,59 +95,69 @@
 		/**
 		 * Default request method
 		 *
-		 * @var int
-		 * @access protected
+		 * @var integer
 		 */
-		protected $requestMethod = self::REQUEST_METHOD_GET;
+		protected $requestMethod;
 
 		/**
 		 * Data to be sent using curl
 		 *
 		 * @var string
-		 * @access protected
 		 */
-		protected $requestData = '';
+		protected $requestData;
 
 		/**
 		 * Request headers (associative array)
 		 *
 		 * @var Array
-		 * @access protected
 		 */
-		protected $requestHeaders = Array ();
+		protected $requestHeaders;
 
 		/**
 		 * Response headers
 		 *
 		 * @var Array
-		 * @access protected
 		 */
-		protected $responseHeaders = Array ();
+		protected $responseHeaders;
 
 		/**
 		 * CURL options
 		 *
 		 * @var Array
-		 * @access protected
 		 */
-		protected $options = Array ();
+		protected $options;
 
 		/**
 		 * Indicates debug mode status
 		 *
-		 * @var bool
-		 * @access public
+		 * @var boolean
 		 */
-		public $debugMode = false;
+		public $debugMode;
 
 		/**
+		 * SSL Certificates file.
+		 *
+		 * @var string
+		 */
+		protected $sslCertificatesFile;
+
+		/**
+		 * Verify SSL certificates.
+		 *
+		 * @var boolean
+		 */
+		protected $verifySslCertificate;
+
+		/**
 		 * Creates an instance of kCurlHelper class
 		 */
 		public function __construct()
 		{
 			parent::__construct();
 
 			$this->debugMode = kUtil::constOn('DBG_CURL');
+
+			$this->_resetSettings();
 		}
 
 		/**
@@ -164,6 +174,8 @@
 			$this->requestHeaders = Array ();
 			$this->responseHeaders = Array ();
 			$this->options = Array ();
+			$this->sslCertificatesFile = CaBundle::getSystemCaRootBundlePath();
+			$this->verifySslCertificate = true;
 		}
 
 		/**
@@ -206,14 +218,20 @@
 				CURLOPT_REFERER => PROTOCOL.SERVER_NAME,
 				CURLOPT_MAXREDIRS => 5,
 
-				// don't verify SSL certificates
-				CURLOPT_SSL_VERIFYPEER => false,
-				CURLOPT_SSL_VERIFYHOST => false,
-
 				// Prevents CURL from adding "Expect: 100-continue" header for POST requests.
 				CURLOPT_HTTPHEADER => Array ('Expect:'),
 			);
 
+			if ( $this->verifySslCertificate ) {
+				$default_options[CURLOPT_SSL_VERIFYHOST] = 2;
+				$default_options[CURLOPT_SSL_VERIFYPEER] = true;
+				$default_options[CURLOPT_CAINFO] = $this->sslCertificatesFile;
+			}
+			else {
+				$default_options[CURLOPT_SSL_VERIFYHOST] = false;
+				$default_options[CURLOPT_SSL_VERIFYPEER] = false;
+			}
+
 			if ( isset($_SERVER['HTTP_USER_AGENT']) ) {
 				$default_options[CURLOPT_USERAGENT] = $_SERVER['HTTP_USER_AGENT'];
 			}
@@ -340,6 +358,37 @@
 		}
 
 		/**
+		 * Disables SSL certificate validation.
+		 *
+		 * @return void
+		 */
+		public function disableSslCertificateVerification()
+		{
+			$this->verifySslCertificate = false;
+		}
+
+		/**
+		 * Enable SSL certificate validation.
+		 *
+		 * @param string|null $certificates_file Certificates file.
+		 *
+		 * @return void
+		 * @throws RuntimeException When given certificates file doesn't exist on disk.
+		 */
+		public function enableSslCertificateVerification($certificates_file = null)
+		{
+			$this->verifySslCertificate = true;
+
+			if ( $certificates_file !== null ) {
+				if ( !file_exists($certificates_file) ) {
+					throw new RuntimeException('The "' . $certificates_file . '" file does not exist.');
+				}
+
+				$this->sslCertificatesFile = $certificates_file;
+			}
+		}
+
+		/**
 		 * Performs CURL request and returns it's result
 		 *
 		 * @param string $url