[wp-trac] [WordPress Trac] #34381: verify_peer_name should be set for stream_context_create()

WordPress Trac noreply at wordpress.org
Wed Oct 21 03:03:21 UTC 2015


#34381: verify_peer_name should be set for stream_context_create()
--------------------------+-----------------------------
 Reporter:  nosilver4u    |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  HTTP API      |    Version:  trunk
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 PHP 5.6.0 introduces a new context option for the ssl stream wrapper:
 verify_peer_name. It should be set to match the value of verify_peer
 ($ssl_verify), so that disabling cert checking is completely effective.
 When it is not set, stream_socket_client() will throw a warning when the
 CN does not match what is found in the certificate.
 To replicate, set up a server with https (self-signed cert is perfect for
 this case), with hostname like test.example.com, and set the cert CN to
 bug.example.com.
 Use wp_remote_post() to connect to test.example.com, with sslverify set to
 false. The connection will fail with "Peer certificate CN=bug.example.com'
 did not match expected CN=test.example.com"

--
Ticket URL: <https://core.trac.wordpress.org/ticket/34381>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
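
An added PHP example (not WordPress core code and not part of the ticket) of the behaviour the report asks for: verify_peer_name follows verify_peer, so the chain check and the hostname check are switched on or off together. The function names, the default port and the optional command-line host are assumptions made for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not WordPress core code.

// Build 'ssl' context options where the hostname check (verify_peer_name,
// PHP >= 5.6.0) always follows the chain check (verify_peer).
function example_ssl_context_options($host, $ssl_verify) {
    return array('ssl' => array(
        'verify_peer'       => (bool) $ssl_verify,
        'verify_peer_name'  => (bool) $ssl_verify, // option named in the ticket
        'allow_self_signed' => ! $ssl_verify,
        'peer_name'         => $host, // name compared against the certificate
    ));
}

// Open a TLS socket; returns array(bool connected, string collected warnings).
function example_tls_connect($host, $port, $ssl_verify, $timeout = 5) {
    $context  = stream_context_create(example_ssl_context_options($host, $ssl_verify));
    $warnings = array();
    set_error_handler(function ($no, $str) use (&$warnings) {
        $warnings[] = $str; // e.g. the "did not match expected CN" warning
        return true;
    });
    $fp = stream_socket_client("ssl://{$host}:{$port}", $errno, $errstr,
        $timeout, STREAM_CLIENT_CONNECT, $context);
    restore_error_handler();
    if ($fp) {
        fclose($fp);
    }
    return array((bool) $fp, implode(' | ', $warnings));
}

// Offline check: both flags move together for either sslverify value.
foreach (array(true, false) as $verify) {
    $ctx  = stream_context_create(example_ssl_context_options('test.example.com', $verify));
    $opts = stream_context_get_options($ctx);
    printf("sslverify=%s verify_peer=%s verify_peer_name=%s\n",
        var_export($verify, true),
        var_export($opts['ssl']['verify_peer'], true),
        var_export($opts['ssl']['verify_peer_name'], true));
}

// Optional live check against your own test server: php example.php HOST [PORT]
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    $port = isset($argv[2]) ? (int) $argv[2] : 443;
    foreach (array(true, false) as $verify) {
        list($ok, $warn) = example_tls_connect($argv[1], $port, $verify);
        printf("sslverify=%s: %s\n", var_export($verify, true), $ok ? 'connected' : "failed: {$warn}");
    }
}
```

Run against the mismatched-CN test server from the report, the sslverify=true pass should fail and the sslverify=false pass should connect.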

