[wp-trac] [WordPress Trac] #25007: WP_HTTP_Fsockopen does not verify SSL certificates
WordPress Trac
noreply at wordpress.org
Sat Aug 17 02:10:46 UTC 2013
#25007: WP_HTTP_Fsockopen does not verify SSL certificates
--------------------------+------------------
Reporter: rmccue | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.7
Component: HTTP | Version:
Severity: major | Resolution:
Keywords: |
--------------------------+------------------
Comment (by rmccue):
I've been performing some PHP archeology with dd32 today to check on
`stream_context_create` and `stream_socket_client`. Both of the functions
have been part of `ext/standard` (read: not disableable via `./configure`)
since [https://github.com/php/php-
src/commit/760573695c00921198363f16b4ac414954e66478 4.3] and
[https://github.com/php/php-
src/commit/1b53a2d12e520adec5cbbc60bf8f2b6d8e54eece 5.0] respectively.
I've also done a bug sweep of both on bugs.php.net and there's nothing
major in 5.2+.
Long story short: anywhere we can use `fsockopen`, we can use
`stream_socket_client`. I'd recommend switching the existing fsockopen
transport to use streams, as it's a one-line change for that. We can then
also pass in the context.
Note: We have to use the lower-level `tcp://` or `ssl://` rather than
`http://` to avoid cURL wrappers.
Note 2: These are still disableable via `disable_functions`, but I suspect
systems that allow `fsockopen` will allow the `stream_socket_*` family.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25007#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list