[wp-trac] [WordPress Trac] #25007: WP_HTTP_Fsockopen does not verify SSL certificates

WordPress Trac noreply at wordpress.org
Mon Sep 23 09:58:00 UTC 2013

#25007: WP_HTTP_Fsockopen does not verify SSL certificates
 Reporter:  rmccue            |       Owner:
     Type:  defect (bug)      |      Status:  new
 Priority:  normal            |   Milestone:  3.7
Component:  HTTP              |     Version:
 Severity:  major             |  Resolution:
 Keywords:  needs-unit-tests  |

Comment (by dd32):

 Replying to [comment:46 dd32]:
 > Replying to [comment:31 pavelevap]:
 > > SSL certificate problem, verify that the CA cert is OK. Details:
 error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
 > I have tracked down this issue by re-creating the environment. It seems
 that OpenSSL/0.9.8i (at least, I haven't tested other 0.9.8 builds yet)
 can't handle the 'EE Certification Centre Root CA' certificate (It's the
 last certificate in ca-bundle.crt, and the latest addition). It's not
 specific to the newly bundled file though, my testbed system also has that
 cert in the chain and it also fails with the system certs.
 > I'm not entirely sure what's causing the issue with that certificate,
 all I can say is if it's present, things break on PHP 5.2 (and some PHP
 5.3's it looks like).

 The only options I can come up with here is to just remove the
 Certificate, which means we won't be able to make requests to any domains
 signed by that Authority, otherwise this breaks HTTPS requests for PHP
 5.2.x users.

 The alternative, is to set a transient, if a HTTPS request fails with the
 above error, we disable HTTPS support for a week, at least that way the
 user can still access Manual updates and theme/plugin installations.

Ticket URL: <http://core.trac.wordpress.org/ticket/25007#comment:47>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list