Something I stumbled across today that might be interesting. We where doing SSO between Moodle and Mahara on a server running everything through HTTPS with an unsigned certificate. The curl calls in the xmlrpc clients don't like this at all and it fails.
The fix is to go and find the two blocks of curl_setopts in Mahara and add two more...
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
I suppose the same might be true in Moodle to in certain circumstances.
BUT... you are throwing away some security. Curl is no longer checking the certificates properly. It's up to you if that is an issue but you are courting a "man in the middle" attack!
Where are two blocks of curl_setopts in Mahara