WP_HTTP should ensure that the SSL Certificate bundle is readable before using it
|Reported by:||dd32||Owned by:|
|Component:||HTTP API||Keywords:||has-patch 2nd-opinion|
Currently WP_HTTP blindly forces it's transports to use the SSL Certificate bundle without verifying that PHP can read the file.
This has negative impacts in cases where the file failed to copy for some reason or is no longer accessible, if that happens, then all SSL communication will fail as the SSL cert can't be accessed.
We should instead, not force Streams/Curl to use it (by setting it to null or similar) when it's unreadable, allowing it to fall back to the PHP or Systems SSL CA files.
This should only be done for the default values, and not for when the callee specifically passes a custom sslcertificate