[wp-trac] [WordPress Trac] #16606: WP_Http_Streams::test doesn't check enough to confirm if it can do HTTPS
WordPress Trac
wp-trac at lists.automattic.com
Tue Apr 5 05:22:31 UTC 2011
#16606: WP_Http_Streams::test doesn't check enough to confirm if it can do HTTPS
---------------------------------+-----------------------------
 Reporter:  westi                |       Owner:
     Type:  defect (bug)         |      Status:  new
 Priority:  high                 |   Milestone:  Future Release
Component:  HTTP                 |     Version:  3.0.5
 Severity:  major                |  Resolution:
 Keywords:  3.2-early has-patch  |
---------------------------------+-----------------------------
Comment (by mdawaffe):
Replying to [comment:13 sivel]:
> For streams, perhaps allow_self_signed can be of use.
We can't enable allow_self_signed by default. That would allow MITM
attacks. There's currently no filter on the options array, but there
should be.
Replying to [comment:13 sivel]:
> As far as requiring cafile or capath, I don't remember that being the
> case from my testing.
Were you testing with the faulty code addressed in
[attachment:16606.8.diff 16606.8.diff]? Try
[attachment:test-https-request-methods.php this test case].
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16606#comment:15>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
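
An added example, not code from the ticket or from WordPress: it illustrates the two points in the comment above, keeping certificate verification on by default while leaving the options array open to an explicit per-site override, alongside preconditions a streams HTTPS check can test. The function names, the `$filter` callable and the CA bundle path are assumptions.

```php
<?php
// Added example (PHP 7.1+), not WordPress core code. Function names, the
// $filter callable and the CA bundle path are hypothetical.

/** List reasons why PHP streams cannot make a verified HTTPS request. */
function streams_https_problems(string $cafile): array
{
    $problems = [];
    if (!extension_loaded('openssl')) {
        $problems[] = 'openssl extension not loaded';
    }
    if (!in_array('https', stream_get_wrappers(), true)) {
        $problems[] = 'https stream wrapper not registered';
    }
    if (!filter_var(ini_get('allow_url_fopen'), FILTER_VALIDATE_BOOLEAN)) {
        $problems[] = 'allow_url_fopen is disabled';
    }
    if (!is_readable($cafile)) {
        $problems[] = "CA bundle not readable: $cafile";
    }
    return $problems;
}

/** Build the 'ssl' context options: verification on by default. */
function build_ssl_options(string $cafile, ?callable $filter = null): array
{
    $options = [
        'verify_peer'       => true,   // validate the chain against $cafile
        'verify_peer_name'  => true,   // PHP 5.6+: certificate must match the host
        'allow_self_signed' => false,  // never the default: a MITM can self-sign
        'cafile'            => $cafile,
    ];
    // Stand-in for a filter on the options array: an explicit per-site opt-in.
    return $filter ? $filter($options) : $options;
}

$cafile = '/etc/ssl/certs/ca-certificates.crt'; // constructed sample path
foreach (streams_https_problems($cafile) as $problem) {
    echo "cannot do verified HTTPS via streams: $problem\n";
}

// Default: strict verification.
$strict = stream_context_create(['ssl' => build_ssl_options($cafile)]);

// A site that must reach its own self-signed host opts in explicitly.
$optIn = function (array $o): array {
    $o['allow_self_signed'] = true;
    return $o;
};
$relaxed = stream_context_create(['ssl' => build_ssl_options($cafile, $optIn)]);
```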