WordPress.org

Make WordPress Core

Changeset 34639


Ignore:
Timestamp:
09/27/2015 09:37:00 PM (5 years ago)
Author:
johnbillion
Message:

Don't set CURLOPT_CAINFO when sslverify is false when sending HTTP API requests through cURL. This avoids sending redundant information to cURL, and avoids a bug in Apple's SecureTransport library which causes a request to fail when a CA bundle is set but certificate verification is disabled.

This fixes issues with local HTTPS requests (eg. WP Cron) on OS X where cURL is using SecureTransport instead of OpenSSL.

Fixes #33978

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/class-wp-http-curl.php

    r34585 r34639  
    134134        curl_setopt( $handle, CURLOPT_SSL_VERIFYHOST, ( $ssl_verify === true ) ? 2 : false );
    135135        curl_setopt( $handle, CURLOPT_SSL_VERIFYPEER, $ssl_verify );
    136         curl_setopt( $handle, CURLOPT_CAINFO, $r['sslcertificates'] );
     136
     137        if ( $ssl_verify ) {
     138            curl_setopt( $handle, CURLOPT_CAINFO, $r['sslcertificates'] );
     139        }
     140
    137141        curl_setopt( $handle, CURLOPT_USERAGENT, $r['user-agent'] );
    138142
  • trunk/tests/phpunit/tests/http/base.php

    r34600 r34639  
    1616    var $fileStreamUrl = 'http://s.w.org/screenshots/3.9/dashboard.png';
    1717
     18    protected $http_request_args;
     19
    1820    function setUp() {
    1921
     
    4143        }
    4244        parent::tearDown();
     45    }
     46
     47    function filter_http_request_args( array $args ) {
     48        $this->http_request_args = $args;
     49        return $args;
    4350    }
    4451
     
    284291
    285292    /**
     293     * Test HTTP requests where SSL verification is disabled but the CA bundle is still populated
     294     *
     295     * @ticket 33978
     296     */
     297    function test_https_url_without_ssl_verification() {
     298        $url = 'https://wordpress.org/';
     299        $args = array(
     300            'sslverify' => false,
     301        );
     302
     303        add_filter( 'http_request_args', array( $this, 'filter_http_request_args' ) );
     304
     305        $res = wp_remote_head( $url, $args );
     306
     307        remove_filter( 'http_request_args', array( $this, 'filter_http_request_args' ) );
     308
     309        $this->assertNotEmpty( $this->http_request_args['sslcertificates'] );
     310        $this->assertNotWPError( $res );
     311    }
     312
     313    /**
    286314     * Test HTTP Redirects with multiple Location headers specified
    287315     *
Note: See TracChangeset for help on using the changeset viewer.