[wp-trac] [WordPress Trac] #52614: Cloudflare Root Certificate Missing
WordPress Trac
noreply at wordpress.org
Wed Mar 17 17:24:04 UTC 2021
#52614: Cloudflare Root Certificate Missing
-----------------------------+----------------------
Reporter: thesimarchitect | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Security | Version:
Severity: minor | Resolution: wontfix
Keywords: | Focuses:
-----------------------------+----------------------
Comment (by ayeshrajans):
Thanks a lot @desrosj for taking a thorough look. You are right, this is
apparently the CloudFlare-issued publicly untrusted certificate, that
should not be trusted.
I opened #52837, that is somewhat related.
I think we can improve WordPress's HTTPS detection by running a test
client-side. I think OP and other sites that run on local/intranet should
have the custom root certificates already trusted by the browser, so
WordPress might as well just see if the browser accepts the certificate,
and assume it's good enough for certain cases to use HTTPS.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52614#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list