[wp-trac] [WordPress Trac] #18577: Updates and downloads should be delivered securely
WordPress Trac
noreply at wordpress.org
Tue Aug 20 01:16:55 UTC 2013
#18577: Updates and downloads should be delivered securely
-----------------------------+------------------------------
Reporter: wplid | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion |
-----------------------------+------------------------------
Comment (by rmccue):
Replying to [comment:22 GregLone]:
> Replying to [comment:21 dd32]:
> > The challenge here is duplicating the issue.. I'm not sure how to
compile PHP/cURL on a VM so that it's so broken..
> Unfortunately that's out of my reach. But if I can help by giving some
infos related to my NAS...
If you have access to the internal filesystem, seeing what's in
`/etc/ssl/certs/` and `/etc/ssl/openssl.cnf` would probably help.
As to reproducing this, you should be able to empty the `/etc/ssl/certs/`
directory and put your own root CA in there instead. WP should bundle
cURL's [http://curl.haxx.se/ca/cacert.pem cacert.pem], which is built from
[http://www.mozilla.org/projects/security/certs/policy/ Mozilla's CA Cert
project] (used in all major browsers).
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18577#comment:23>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list