[wp-trac] [WordPress Trac] #36320: PayPal 2016 merchant security upgrades - Core defaults need to be changed
WordPress Trac
noreply at wordpress.org
Wed Mar 30 15:33:19 UTC 2016
#36320: PayPal 2016 merchant security upgrades - Core defaults need to be changed
--------------------------+------------------------
Reporter: reidbusi | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: HTTP API | Version: 4.4.2
Severity: major | Resolution: duplicate
Keywords: | Focuses:
--------------------------+------------------------
Comment (by reidbusi):
Hi Mike, thanks for the reply. Yes I have read the other ticket and the
discussion about negotiation of TLS versions, which is why I quoted a
reply from my host (here it is again):
>The PHP binaries on our shared hosting servers are linked against the
system libraries and utilize an older library that does not auto-negotiate
SSL connections with other servers. This is expected to be fixed in CentOS
version 6.8, which our servers will automatically update to once the
release is pushed. You can see more about the bug report here:
https://bugzilla.redhat.com/show_bug.cgi?id=1289205 . We're hopeful that
CentOS 6.8 should be released within the next few months.
Also, the defines for the values of CURLOPT_SSLVERSION are missing on my
hosts setup. The integer values must be used.
wp_cron is related, because when you test the paypal ipn connection,
wordpress may decide to run cron which it appears it does through curl,
and when you look at the contents of the $url variable it contains the
cron url (scope issue?). It will do this inconsistently (not on every
request). This was revealed in my testing where I was dumping variables
with print_r() to observe what was going on. If I have time later I can
dig out the code I was using to test that and demonstrate it for you.
Right now I am working on site content for a client and don't have time to
repeat this at the moment.
So while we are making progress here, the current commit to the woo master
branch is still not quite there in my view.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36320#comment:22>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list