WordPress.org

Make WordPress Core

Opened 8 years ago

Closed 7 years ago

#25813 closed defect (bug) (wontfix)

WP_HTTP should ensure that the SSL Certificate bundle is readable before using it

Reported by: dd32 Owned by:
Milestone: Priority: lowest
Severity: trivial Version: 3.7
Component: HTTP API Keywords: has-patch 2nd-opinion
Focuses: Cc:

Description

Currently WP_HTTP blindly forces it's transports to use the SSL Certificate bundle without verifying that PHP can read the file.

This has negative impacts in cases where the file failed to copy for some reason or is no longer accessible, if that happens, then all SSL communication will fail as the SSL cert can't be accessed.

We should instead, not force Streams/Curl to use it (by setting it to null or similar) when it's unreadable, allowing it to fall back to the PHP or Systems SSL CA files.

This should only be done for the default values, and not for when the callee specifically passes a custom sslcertificate

Attachments (1)

25813.diff (1.9 KB) - added by dd32 8 years ago.

Download all attachments as: .zip

Change History (4)

@dd32
8 years ago

#1 @dd32
8 years ago

  • Keywords has-patch 2nd-opinion added; needs-patch removed

This was brought up after it was noticed that some 3.7 installs were failing to make SSL connections, this was due to the certificates file not being copied over for one reason or another.

25813.diff is an implementation of this, but after looking at it, I'm not sure if it needs to be changed. Thoughts?

#2 @dd32
8 years ago

  • Milestone changed from 3.8 to Future Release
  • Priority changed from normal to lowest
  • Severity changed from normal to trivial

#3 @dd32
7 years ago

  • Milestone Future Release deleted
  • Resolution set to wontfix
  • Status changed from new to closed

This ship has sailed, in the event we see a problem in the future related, we can circle back.

Note: See TracTickets for help on using tickets.