[wp-trac] [WordPress Trac] #33978: Don't set CURLOPT_CAINFO if sslverify is false

WordPress Trac noreply at wordpress.org
Wed Sep 23 13:38:26 UTC 2015


#33978: Don't set CURLOPT_CAINFO if sslverify is false
--------------------------+-----------------------------
 Reporter:  johnbillion   |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  HTTP API      |    Version:
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 On OS X Yosemite and later, PHP can be compiled with a version of cURL
 that uses SecureTransport instead of OpenSSL. SecureTransport suffers from
 a bug whereby passing it a CA bundle but asking it not to verify the
 server's certificate causes the connection to fail with the following
 error:

 `SSL: CA certificate set, but certificate verification is disabled`

 In this situation, an `https` request through the HTTP API will fail if
 `sslverify` is set to false, because the `sslcertificates` argument is
 always populated with core's CA bundle.

 This is fixed by not setting the `CURLOPT_CAINFO` setting when `sslverify`
 is false, which makes sense regardless of this bug.

 Further reading:

  * https://stackoverflow.com/questions/26710482/
  * https://stackoverflow.com/questions/26461966/

--
Ticket URL: <https://core.trac.wordpress.org/ticket/33978>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list