[wp-trac] [WordPress Trac] #25007: WP_HTTP_Fsockopen does not verify SSL certificates
WordPress Trac
noreply at wordpress.org
Mon Sep 23 12:22:11 UTC 2013
#25007: WP_HTTP_Fsockopen does not verify SSL certificates
------------------------------+------------------
Reporter: rmccue | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.7
Component: HTTP | Version:
Severity: major | Resolution:
Keywords: needs-unit-tests |
------------------------------+------------------
Comment (by godhulii_1985):
Hi,
I am a plugin author (automatic login to wp site via google oauth) and I
am facing some error. After reading the discussion of this trac, I think
my problem is related to this.
I cannot fetch data from google unless I provide .pem file. I downloaded
the standard .pem file from haxx.se and used. I noticed that facebook also
provide this file in their sdk.
{{{
//$go... = Person's google+ id from https://plus.google.com/NNN url where
NNN = id
$apiurl =
"https://www.googleapis.com/plus/v1/people/$googlePersonID?alt=json&access_token="
. $token;
}}}
Using verify ssl / this code fragment doesn't work:
{{{
curl_setopt($tuCurl, CURLOPT_SSLVERSION, 3);
curl_setopt($tuCurl, CURLOPT_SSL_VERIFYHOST, 2);
}}}
This works:
{{{
curl_setopt($tuCurl, CURLOPT_SSLVERSION, 3);
curl_setopt($tuCurl, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($tuCurl, CURLOPT_CAINFO, plugin_dir_path( __FILE__
).'cacert.pem');
}}}
So, it will be really nice if we are given an additional filter to include
.pem file :-)
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25007#comment:48>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list