[wp-trac] [WordPress Trac] #34935: Removed SSL certificates causing errors in WP 4.4
WordPress Trac
noreply at wordpress.org
Mon Dec 14 02:02:20 UTC 2015
#34935: Removed SSL certificates causing errors in WP 4.4
------------------------------------+-----------------------
 Reporter:  DvanKooten              |     Owner:  rmccue
     Type:  defect (bug)            |    Status:  assigned
 Priority:  normal                  | Milestone:  4.4.1
Component:  HTTP API                |   Version:  4.4
 Severity:  normal                  | Resolution:
 Keywords:  has-patch https commit  |   Focuses:
------------------------------------+-----------------------
Comment (by dd32):
Replying to [comment:10 rmccue]:
> Therefore: I believe we should be able to take our existing bundle, and
> pull the 1024 bit certificates back in.
>
> Attaching patched version of the CA bundle that adds the 1024 bit
> certificates back; this fixes resolution for me via OpenSSL on the command
> line, but needs testing on a site that's broken.
I agree with this direction. With an explicit mention in the commit (and
file if possible) specifically explaining why we're including
no-longer-trusted-by-browser roots.
If there's any way of automatically generating the `crt` file for future
maintenance that would also be grand. I'm thinking that even just pulling
the latest NSS store + suffixing the 1024-bit certs may be enough. Also
worth noting is that we now need to monitor the status of these root
certs; we've relied upon NSS to do that in the past, but since they no
longer trust the certs, if one of them is compromised we'll need to be
aware of it somehow.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34935#comment:24>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
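An added example, not part of the original message or of WordPress's own tooling: one way to generate the bundle as the comment above suggests, by taking the current NSS-derived PEM bundle, suffixing the legacy roots under an explanatory comment block, and returning the fingerprints of the roots that now have to be monitored by hand. The function names, the SHA-256-of-DER deduplication and the sample data are assumptions made for illustration.

```python
import base64, hashlib, re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)

def to_pem(der):
    """Wrap DER bytes as a PEM block with 64-column base64 lines."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----"

def pem_blocks(text):
    """Yield (sha256 of DER, normalized PEM) for every certificate in text."""
    for match in PEM_RE.finditer(text):
        der = base64.b64decode("".join(match.group(1).split()))
        yield hashlib.sha256(der).hexdigest(), to_pem(der)

def build_bundle(nss_text, legacy_text, reason):
    """Return (bundle, watchlist): NSS roots first, then the legacy roots
    NSS no longer ships, under a comment block stating why they are kept."""
    seen, parts, legacy, watchlist = set(), [], [], []
    for fp, pem in pem_blocks(nss_text):
        if fp not in seen:
            seen.add(fp)
            parts.append(pem)
    for fp, pem in pem_blocks(legacy_text):
        if fp in seen:          # still in NSS: upstream keeps monitoring it
            continue
        seen.add(fp)
        watchlist.append(fp)    # nobody upstream tracks this root any more
        legacy.append(f"# legacy root sha256={fp}\n{pem}")
    if legacy:
        parts.append("\n".join("# " + line for line in reason.splitlines()))
        parts.extend(legacy)
    return "\n\n".join(parts) + "\n", watchlist

# Constructed sample input: placeholder bytes, not real certificates.
SAMPLE_NSS = to_pem(b"constructed-root-A") + "\n" + to_pem(b"constructed-root-B")
SAMPLE_LEGACY = to_pem(b"constructed-root-B") + "\n" + to_pem(b"constructed-root-C")
REASON = ("Roots below are no longer in the NSS store.\n"
          "Kept for compatibility; monitor them ourselves.")

if __name__ == "__main__":
    bundle, watch = build_bundle(SAMPLE_NSS, SAMPLE_LEGACY, REASON)
    print(bundle)
    print("watchlist:", watch)
```

The returned watchlist is the set of fingerprints to check against revocation or distrust announcements, since those roots no longer get that coverage from NSS updates.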