[wp-trac] [WordPress Trac] #38232: Setting `sslverify` to false still validates the hostname
WordPress Trac
noreply at wordpress.org
Wed Oct 5 03:10:50 UTC 2016
#38232: Setting `sslverify` to false still validates the hostname
--------------------------+-----------------
Reporter: dd32 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.7
Component: HTTP API | Version:
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------
Under 4.5.x when you set `sslverify` to `false` it'd make a HTTPS
connection and ignore the validity of the certificate presented.
Under 4.6/4.6.1 it still ignores the validity, but verifies that the SSL
matches the domain (ie. `example.com` cert would be rejected for a
`example.net` request).
This was fixed upstream in https://github.com/rmccue/Requests/pull/239
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38232>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list