[wp-trac] [WordPress Trac] #25007: WP_HTTP_Fsockopen does not verify SSL certificates
WordPress Trac
noreply at wordpress.org
Sun Sep 8 03:16:08 UTC 2013
#25007: WP_HTTP_Fsockopen does not verify SSL certificates
------------------------------+------------------
Reporter: rmccue | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.7
Component: HTTP | Version:
Severity: major | Resolution:
Keywords: needs-unit-tests |
------------------------------+------------------
Comment (by rmccue):
Replying to [comment:24 dd32]:
> 1. Only use our local CA bundle when the systems CA bundle has been
proven not to work - ie. set a transient and disable system CA if
https://api.wordpress.org/ failed to validate
I don't like this at all, since it relies on a third party (which happens
to be us anyway, but still) having valid certificates.
I'm definitely in favour of having this in a plugin. I think the solution
here is:
1. Ensure trunk is kept up to date
1. Include the latest cacert with a plugin like Hotfix and use that as the
default if installed.
I've split the certificate pinning issue (point 2 from above) into #25252.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25007#comment:26>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list