[wp-trac] [WordPress Trac] #25007: WP_HTTP_Fsockopen does not verify SSL certificates

WordPress Trac noreply at wordpress.org
Tue Sep 3 13:23:44 UTC 2013

#25007: WP_HTTP_Fsockopen does not verify SSL certificates
 Reporter:  rmccue        |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  3.7
Component:  HTTP          |     Version:
 Severity:  major         |  Resolution:
 Keywords:                |

Comment (by rmccue):

 Replying to [comment:13 dd32]:
 > Well pointed out, Added in attachment:25007.3.diff through
 WP_HTTP_Streams::verify_ssl_certficate(). The more you take out of PHP's
 hands, the more you can rely upon it it seems.

 (For the record, although dd32 already knows:)

 Looks good to me, except that it's not strict enough. If subjectAltName is
 set, it's authoritative to the exclusion of CN (and you're not allowed to
 use CN based on my reading of the spec).

 > It appears that that change means it now supports the same as Requests

 I guess you'll just need to switch to Requests then ;)

Ticket URL: <http://core.trac.wordpress.org/ticket/25007#comment:14>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list