[wp-trac] [WordPress Trac] #34935: Removed SSL certificates causing errors in WP 4.4

WordPress Trac noreply at wordpress.org
Mon Dec 14 02:02:20 UTC 2015


#34935: Removed SSL certificates causing errors in WP 4.4
------------------------------------+-----------------------
 Reporter:  DvanKooten              |       Owner:  rmccue
     Type:  defect (bug)            |      Status:  assigned
 Priority:  normal                  |   Milestone:  4.4.1
Component:  HTTP API                |     Version:  4.4
 Severity:  normal                  |  Resolution:
 Keywords:  has-patch https commit  |     Focuses:
------------------------------------+-----------------------

Comment (by dd32):

 Replying to [comment:10 rmccue]:
 > Therefore: I believe we should be able to take our existing bundle, and
 pull the 1024 bit certificates back in.
 >
 > Attaching patched version of the CA bundle that adds the 1024 bit
 certificates back; this fixes resolution for me via OpenSSL on the command
 line, but needs testing on a site that's broken.

 I agree with this direction. With an explicit mention in the commit (and
 file if possible) specifically explaining why we're including no-longer-
 trusted-by-browser roots.

 If there's any way of automatically generating the `crt` file for future
 maintenance that would also be grand. I'm thinking that even just pulling
 the latest NSS store + suffixing the 1024bit certs may be enough. Also
 worth noting is that we now need to monitor the status of these root
 certs, we've relied upon NSS to do that in the past, but since they no
 longer trust the certs, if one of them is compromised we'll need to be
 aware of it somehow.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/34935#comment:24>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list