WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#30667 closed enhancement (worksforme)

Allow custom certificate store for WordPress HTTP API

Reported by: lukeschlather Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: HTTP API Keywords:
Focuses: Cc:

Description (last modified by SergeyBiryukov)

We run a multisite deployment with development/staging environments where we test updates prior to pushing them out to production. These run on HTTPS using certificates signed by our internal certificate authority.

When we attempt a network update, we receive an SSL error. Now, we presently add our certificates to WordPress' certificate store, but we prefer not to patch core every time we ingest an update.

My thinking is there should be a filter added that allows a plugin to specify a custom SSL CA store that will be automatically loaded. Does this seem reasonable?

Change History (2)

#1 @SergeyBiryukov
5 years ago

  • Component changed from General to HTTP API
  • Description modified (diff)
  • Summary changed from Allow custom certificate store for Wordpress HTTP API to Allow custom certificate store for WordPress HTTP API

#2 @rmccue
5 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to worksforme
  • Status changed from new to closed

Hi lukeschlather, thanks for the report!

You should be able to do this already through the http_request_args filter:

add_filter( 'http_request_args', function ( $args ) {
	$args['sslcertificates'] = '/path/to/certs.crt';
	return $args;
} );

There's not really a way to tell if the user passed their own in, but checking if it's === ABSPATH . WPINC . '/certificates/ca-bundle.crt' is pretty safe.

Note: See TracTickets for help on using tickets.