[wp-trac] [WordPress Trac] #25716: HTTP requests fails with "SSL read: error:00000000:lib(0):func(0):reason( 0), errno 0"
WordPress Trac
noreply at wordpress.org
Sat Oct 26 17:33:19 UTC 2013
#25716: HTTP requests fails with "SSL read: error:00000000:lib(0):func(0):reason(
0), errno 0"
-----------------------------+--------------------
Reporter: ocean90 | Owner:
Type: defect (bug) | Status: new
Priority: highest omg bbq | Milestone: 3.7.1
Component: HTTP | Version: 3.7
Severity: blocker | Resolution:
Keywords: needs-testing |
-----------------------------+--------------------
Comment (by rmccue):
Replying to [comment:3 nacin]:
> Well, not entirely. We still only serve auto-updates from the WP.org API
if the request doesn't come through SSL. For 3.7, we need to contain the
damage by always trying non-SSL when a request fails.
If you're on a site without SSL support and you attempt an update, without
an AYS you'll never know if you got MITM'd. That's a huge security issue,
which is why IMO we should ''at least'' issue a warning.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25716#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list