[wp-meta] [Making WordPress.org] #611: Add ^wordpress.org SSL cert for clients that do not support subject alt names

Making WordPress.org noreply at wordpress.org
Thu Sep 18 17:00:41 UTC 2014 

#611: Add ^wordpress.org SSL cert for clients that do not support subject alt
names
------------------------+-----------------
Reporter:  BrianLayman  |      Owner:
    Type:  defect       |     Status:  new
Priority:  low          |  Component:  SSL
Keywords:               |
------------------------+-----------------
 Summary: Some clients, specifically older releases of wget, do not support
 alternative DNS names in certificates.  A recent change to wordpress.org
 forcing https may cause Linux scripts to throw errors.

 Details:
 I've got scripts that forcibly maintain clean WP installs by going out and
 grabbing http://wordpress.org/latest.zip and installing it.
 Within the last couple days the wordpress.org site changed to redirect
 that request to https://wordpress.org/latest.zip.
 The certificate on wordpress.org is explicitly for *.wordpress.org, but
 does have an alternative name for wordpress.org.
 DNS Name=*.wordpress.org
 DNS Name=wordpress.org

 So this is what I get on my script runs today:
 --2014-09-18 08:55:38--  http://wordpress.org/latest.zip
 Resolving wordpress.org... 66.155.40.249, 66.155.40.250
 Connecting to wordpress.org|66.155.40.249|:80... connected.
 HTTP request sent, awaiting response... 302 Moved Temporarily
 Location: https://wordpress.org/latest.zip [following]
 --2014-09-18 08:55:38--  https://wordpress.org/latest.zip
 Connecting to wordpress.org|66.155.40.249|:443... connected.
 ERROR: certificate common name `*.wordpress.org' doesn't match requested
 host name `wordpress.org'.
 To connect to wordpress.org insecurely, use `--no-check-certificate'.
 Unable to establish SSL connection.
 unzip:  cannot find or open latest.zip, latest.zip.zip or latest.zip.ZIP

 The source of the issue for me is that I have "GNU Wget 1.11.4 Red Hat
 modified" or older on most of the servers I manage.  The issue is fixed in
 1.12.

 I'll update the wget on my servers, but thought this should still be
 logged for informational purposes, if nothing else.

 Thank you to Nacin on the assist in diagnosing the true issue at hand..

--
Ticket URL: <https://meta.trac.wordpress.org/ticket/611>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org

More information about the wp-meta mailing list