[wp-trac] [WordPress Trac] #50288: fsockopen request turns off SNI when it shouldn't
WordPress Trac
noreply at wordpress.org
Sun May 31 10:11:29 UTC 2020
#50288: fsockopen request turns off SNI when it shouldn't
--------------------------+-----------------------------
Reporter: csmall2 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: HTTP API | Version: 5.4.1
Severity: normal | Keywords:
Focuses: multisite |
--------------------------+-----------------------------
I have a multisite setup where there are 3 domains on the same server. The
network upgrade button fails every time with this sort of error:
{{{
Warning! Problem updating https://example.com. Your server may not be able
to connect to sites running on it. Error message: stream_socket_client():
SSL operation failed with code 1. OpenSSL Error messages:
error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
stream_socket_client(): Failed to enable crypto stream_socket_client():
unable to connect to ssl://example.com:443 (Unknown error)
}}}
The issue is that my sites use SNI and the upgrade setup doesn't enable
SNI because verification is turned off.
The bug can be traced to the fsockopen transport in
wp-includes/Requests/Transport/fsockopen.php line 444.
{{{#!php
<?php
// SNI, if enabled (OpenSSL >=0.9.8j)
if (defined('OPENSSL_TLSEXT_SERVER_NAME') && OPENSSL_TLSEXT_SERVER_NAME) {
    $context_options['SNI_enabled'] = true;
    if (isset($options['verifyname']) && $options['verifyname'] === false) {
        $context_options['SNI_enabled'] = false;
    }
}
}}}
If you have the verifyname option set to false then SNI is not enabled.
However you need SNI on for this to work anyway.
The work-around is to comment out the $context_options['SNI_enabled'] =
false; line and then the network upgrade works fine.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50288>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
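
An added illustration of the distinction the ticket draws, not code from WordPress or the Requests library: the hypothetical helper build_ssl_context_options() leaves SNI on when 'verifyname' is false and relaxes only the hostname check. The helper name and the sample host are assumptions; the 'ssl' context option names are PHP's own.

```php
<?php
// Added example: hypothetical helper, not WordPress or Requests code.
// Builds the 'ssl' stream-context options for an HTTPS request so that
// SNI stays enabled even when certificate name verification is turned off.
function build_ssl_context_options(string $host, array $options): array
{
    $ssl = [
        'verify_peer'      => true,
        'verify_peer_name' => true,
        // Name checked against the certificate; PHP also uses it as the SNI name.
        'peer_name'        => $host,
    ];

    // SNI only tells a server hosting several domains which certificate
    // to present, so it is enabled whenever the OpenSSL build supports it.
    if (defined('OPENSSL_TLSEXT_SERVER_NAME') && OPENSSL_TLSEXT_SERVER_NAME) {
        $ssl['SNI_enabled'] = true;
    }

    // 'verifyname' => false relaxes the hostname check only.
    // It does not touch SNI_enabled.
    if (isset($options['verifyname']) && $options['verifyname'] === false) {
        $ssl['verify_peer_name'] = false;
    }

    return $ssl;
}

// Constructed input: a request with name verification switched off,
// as in the network upgrade case described in the ticket.
$ssl = build_ssl_context_options('example.com', ['verifyname' => false]);
var_dump($ssl['SNI_enabled'] ?? null, $ssl['verify_peer_name']);

// The options are attached to a stream context; no connection is made here.
$context = stream_context_create(['ssl' => $ssl]);
```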