[wp-trac] [WordPress Trac] #25007: WP_HTTP_Fsockopen does not verify SSL certificates
WordPress Trac
noreply at wordpress.org
Mon Sep 23 09:58:00 UTC 2013
#25007: WP_HTTP_Fsockopen does not verify SSL certificates
------------------------------+------------------
Reporter: rmccue | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.7
Component: HTTP | Version:
Severity: major | Resolution:
Keywords: needs-unit-tests |
------------------------------+------------------
Comment (by dd32):
Replying to [comment:46 dd32]:
> Replying to [comment:31 pavelevap]:
> > SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed
>
> I have tracked down this issue by re-creating the environment. It seems
that OpenSSL/0.9.8i (at least, I haven't tested other 0.9.8 builds yet)
can't handle the 'EE Certification Centre Root CA' certificate (It's the
last certificate in ca-bundle.crt, and the latest addition). It's not
specific to the newly bundled file though, my testbed system also has that
cert in the chain and it also fails with the system certs.
>
> I'm not entirely sure what's causing the issue with that certificate,
all I can say is if it's present, things break on PHP 5.2 (and some PHP
5.3's it looks like).
The only options I can come up with here is to just remove the
Certificate, which means we won't be able to make requests to any domains
signed by that Authority, otherwise this breaks HTTPS requests for PHP
5.2.x users.
The alternative, is to set a transient, if a HTTPS request fails with the
above error, we disable HTTPS support for a week, at least that way the
user can still access Manual updates and theme/plugin installations.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25007#comment:47>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list