[wp-trac] [WordPress Trac] #25813: WP_HTTP should ensure that the SSL Certificate bundle is readable before using it
WordPress Trac
noreply at wordpress.org
Mon Nov 4 06:22:53 UTC 2013
#25813: WP_HTTP should ensure that the SSL Certificate bundle is readable before
using it
--------------------------+-------------------------
Reporter: dd32 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.8
Component: HTTP | Version: 3.7
Severity: normal | Keywords: needs-patch
--------------------------+-------------------------
Currently WP_HTTP blindly forces it's transports to use the SSL
Certificate bundle without verifying that PHP can read the file.
This has negative impacts in cases where the file failed to copy for some
reason or is no longer accessible, if that happens, then all SSL
communication will fail as the SSL cert can't be accessed.
We should instead, not force Streams/Curl to use it (by setting it to null
or similar) when it's unreadable, allowing it to fall back to the PHP or
Systems SSL CA files.
This should only be done for the default values, and not for when the
callee specifically passes a custom `sslcertificate`
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25813>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list