[wp-trac] [WordPress Trac] #25007: WP_HTTP_Fsockopen does not verify SSL certificates
WordPress Trac
noreply at wordpress.org
Tue Sep 3 13:23:44 UTC 2013
#25007: WP_HTTP_Fsockopen does not verify SSL certificates
--------------------------+------------------
Reporter: rmccue | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.7
Component: HTTP | Version:
Severity: major | Resolution:
Keywords: |
--------------------------+------------------
Comment (by rmccue):
Replying to [comment:13 dd32]:
> Well pointed out, Added in attachment:25007.3.diff through
WP_HTTP_Streams::verify_ssl_certficate(). The more you take out of PHP's
hands, the more you can rely upon it it seems.
(For the record, although dd32 already knows:)
Looks good to me, except that it's not strict enough. If subjectAltName is
set, it's authoritative to the exclusion of CN (and you're not allowed to
use CN based on my reading of the spec).
> It appears that that change means it now supports the same as Requests
does.
I guess you'll just need to switch to Requests then ;)
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25007#comment:14>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list