Opened 9 years ago
Closed 8 years ago
#34381 closed defect (bug) (duplicate)
verify_peer_name should be set for stream_context_create()
Reported by: | nosilver4u | Owned by: | |
---|---|---|---|
Milestone: | | Priority: | normal |
Severity: | normal | Version: | |
Component: | HTTP API | Keywords: | needs-patch needs-testing |
Focuses: | | Cc: | |
Description
PHP 5.6.0 introduces a new context option for the ssl stream wrapper: verify_peer_name. It should be set to match the value of verify_peer ($ssl_verify), so that disabling cert checking is completely effective. When it is not set, stream_socket_client() will throw a warning when the CN does not match what is found in the certificate.
To replicate, set up a server with https (a self-signed cert is perfect for this case), with a hostname like test.example.com, and set the cert CN to bug.example.com.
Use wp_remote_post() to connect to test.example.com, with sslverify set to false. The connection will fail with "Peer certificate CN=bug.example.com' did not match expected CN=test.example.com"
Change History (3)
#1
@
9 years ago
- Keywords needs-patch needs-testing added
- Milestone changed from Awaiting Review to Future Release
- Version trunk deleted
Thanks for the ticket @nosilver4u. At first glance, this seems like something we'll need to account for with PHP 5.6.0 and later. Patch and testing needed.
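
The behaviour requested in the description, as an added sketch that is not part of the ticket and not WordPress core code: the ssl context ties verify_peer_name to the same $ssl_verify flag as verify_peer, and the connection helper collects the stream_socket_client() warnings instead of emitting them. The helper names build_ssl_context() and try_connect() are hypothetical; the hostname is the one used in the ticket.

```php
<?php
// Added example, not WordPress core code. build_ssl_context() and
// try_connect() are hypothetical helpers; hostnames are the ticket's.

// Build an ssl context where the name check follows the chain check.
function build_ssl_context($host, $ssl_verify, $cafile = null) {
    $ssl = array(
        'verify_peer'      => $ssl_verify,
        // Separate option since PHP 5.6.0, where it defaults to true.
        'verify_peer_name' => $ssl_verify,
        'peer_name'        => $host, // name the certificate must match
        'SNI_enabled'      => true,
    );
    if ($ssl_verify && $cafile !== null) {
        $ssl['cafile'] = $cafile; // CA bundle path supplied by the caller
    }
    return stream_context_create(array('ssl' => $ssl));
}

// Connect and return array(connected, warnings) so that any
// stream_socket_client() warnings are collected rather than emitted.
function try_connect($host, $context, $port = 443, $timeout = 5) {
    $warnings = array();
    set_error_handler(function ($errno, $errstr) use (&$warnings) {
        $warnings[] = $errstr;
        return true;
    });
    $fp = stream_socket_client("ssl://{$host}:{$port}", $code, $text,
        $timeout, STREAM_CLIENT_CONNECT, $context);
    restore_error_handler();
    if ($fp) {
        fclose($fp);
    }
    return array((bool) $fp, $warnings);
}

// Offline check: the two verification options always move together.
foreach (array(true, false) as $ssl_verify) {
    $opts = stream_context_get_options(
        build_ssl_context('test.example.com', $ssl_verify));
    printf("sslverify=%s verify_peer=%s verify_peer_name=%s\n",
        var_export($ssl_verify, true),
        var_export($opts['ssl']['verify_peer'], true),
        var_export($opts['ssl']['verify_peer_name'], true));
}
```

Passing the context from build_ssl_context('test.example.com', false) to try_connect() against the test server from the description exercises the mismatched-CN case the ticket reports.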