[wp-trac] [WordPress Trac] #30434: Update the bundled Root SSL Certificate file

WordPress Trac noreply at wordpress.org
Wed Sep 16 13:12:48 UTC 2015


#30434: Update the bundled Root SSL Certificate file
----------------------------+-----------------------------
 Reporter:  dd32            |       Owner:  dd32
     Type:  task (blessed)  |      Status:  assigned
 Priority:  normal          |   Milestone:  Future Release
Component:  HTTP API        |     Version:  3.7
 Severity:  normal          |  Resolution:
 Keywords:                  |     Focuses:
----------------------------+-----------------------------

Comment (by aaroncampbell):

 I think we need to look at this again. The number of certificates using
 newer roots that WP is missing is growing. People are starting to have to
 turn off verify peer again (just recently had to myself).
 [attachment:30434.diff] pulls the [http://hg.mozilla.org/releases/mozilla-
 release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt certs
 from mozilla] and moves the EE cert to the top.

 As an alternative, could we just add the new ones without removing the old
 ones? I mean, I don't want to collect them forever, but not adding the new
 ones doesn't seem like a reasonable solution either.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/30434#comment:17>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list