#47957 closed enhancement (fixed)
Don't verify SSL certificate for loopback test
Reported by: | ocean90 | Owned by: | ocean90 |
---|---|---|---|
Milestone: | 5.3 | Priority: | normal |
Severity: | normal | Version: | 5.2 |
Component: | Site Health | Keywords: | has-patch commit |
Focuses: | Cc: |
Description
If a site uses a self-signed certificate the loopback test will report an error. Since spawn_cron()
doesn't verify the certificate the test shouldn't either to replicate core's behaviour.
Attachments (4)
Change History (9)
#1
@
5 years ago
Hmm, we definitely need a more reliable solution overall. The reason the Site Health check does it this way is because it was copied from how the plugin/theme editors do them (this was the basis for creating the test, as a lot of users had issues saving after the changes to t hem were implemented, all due to loopback failures).
There's now 3 places (likely to be more) that do loopbacks, so having a fixed loopback function is probably a more sustainable approach?
I'm thinking along the lines of function loopback( $target_url ) { return $WP_Http }
which all the places that do loopbacks can use, and by returning the WP_Http object those places can then check whatever they need, if that is the content body, headers etc.
This would also be handy for #47954 which looks to do loopback calls to verify URLs are reachable before breaking a users access to their site.
#2
@
5 years ago
- Keywords commit added
47957.patch includes the recommendations from 47957.3.diff, but also implements them for the theme/plugin editors so that it's consistent in all the places that currently do loopbacks.
Let's get this ticket fixed for now, as it's a simple fix, and we can keep looking into the deeper needs depending on the needs of #47954.
Disable sslverify for get_test_rest_availability()