[wp-trac] [WordPress Trac] #25813: WP_HTTP should ensure that the SSL Certificate bundle is readable before using it

WordPress Trac noreply at wordpress.org
Mon Nov 4 06:22:53 UTC 2013


#25813: WP_HTTP should ensure that the SSL Certificate bundle is readable before
using it
--------------------------+-------------------------
 Reporter:  dd32          |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  3.8
Component:  HTTP          |    Version:  3.7
 Severity:  normal        |   Keywords:  needs-patch
--------------------------+-------------------------
 Currently WP_HTTP blindly forces it's transports to use the SSL
 Certificate bundle without verifying that PHP can read the file.

 This has negative impacts in cases where the file failed to copy for some
 reason or is no longer accessible, if that happens, then all SSL
 communication will fail as the SSL cert can't be accessed.

 We should instead, not force Streams/Curl to use it (by setting it to null
 or similar) when it's unreadable, allowing it to fall back to the PHP or
 Systems SSL CA files.

 This should only be done for the default values, and not for when the
 callee specifically passes a custom `sslcertificate`

--
Ticket URL: <http://core.trac.wordpress.org/ticket/25813>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list