[wp-trac] [WordPress Trac] #33978: Don't set CURLOPT_CAINFO if sslverify is false
WordPress Trac
noreply at wordpress.org
Wed Sep 23 13:38:26 UTC 2015
#33978: Don't set CURLOPT_CAINFO if sslverify is false
--------------------------+-----------------------------
Reporter: johnbillion | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: HTTP API | Version:
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
On OS X Yosemite and later, PHP can be compiled with a version of cURL
that uses SecureTransport instead of OpenSSL. SecureTransport suffers from
a bug whereby passing it a CA bundle but asking it not to verify the
server's certificate causes the connection to fail with the following
error:
`SSL: CA certificate set, but certificate verification is disabled`
In this situation, an `https` request through the HTTP API will fail if
`sslverify` is set to false, because the `sslcertificates` argument is
always populated with core's CA bundle.
This is fixed by not setting the `CURLOPT_CAINFO` setting when `sslverify`
is false, which makes sense regardless of this bug.
Further reading:
* https://stackoverflow.com/questions/26710482/
* https://stackoverflow.com/questions/26461966/
--
Ticket URL: <https://core.trac.wordpress.org/ticket/33978>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list