Changeset 34639 for trunk/src/wp-includes/class-wp-http-curl.php

Timestamp:

09/27/2015 09:37:00 PM (10 years ago)

Author:

johnbillion

Message:

Don't set CURLOPT_CAINFO when sslverify is false when sending HTTP API requests through cURL. This avoids sending redundant information to cURL, and avoids a bug in Apple's SecureTransport library which causes a request to fail when a CA bundle is set but certificate verification is disabled.

This fixes issues with local HTTPS requests (eg. WP Cron) on OS X where cURL is using SecureTransport instead of OpenSSL.

Fixes #33978

File:

• trunk/src/wp-includes/class-wp-http-curl.php (modified) (1 diff)

trunk/src/wp-includes/class-wp-http-curl.php

@@ -134 +134 @@
         curl_setopt( $handle, CURLOPT_SSL_VERIFYHOST, ( $ssl_verify === true ) ? 2 : false );
         curl_setopt( $handle, CURLOPT_SSL_VERIFYPEER, $ssl_verify );
-        curl_setopt( $handle, CURLOPT_CAINFO, $r['sslcertificates'] );
+
+        if ( $ssl_verify ) {
+            curl_setopt( $handle, CURLOPT_CAINFO, $r['sslcertificates'] );
+        }
+
         curl_setopt( $handle, CURLOPT_USERAGENT, $r['user-agent'] );