Opened 4 years ago
#50288 new defect (bug)
fsockopen request turns off SNI when it shouldn't
Reported by: | csmall2 | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 5.4.1 |
Component: | HTTP API | Keywords: | |
Focuses: | multisite | Cc: |
Description
I have a multisite setup where there are 3 domains in the same server. The network upgrade button fails every time with this sort of error:
```
Warning! Problem updating https://example.com. Your server may not be able to connect to sites running on it. Error message:
stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
stream_socket_client(): Failed to enable crypto
stream_socket_client(): unable to connect to ssl://example.com:443 (Unknown error)
```
The issue is that my sites use SNI and the upgrade setup doesn't enable SNI because verification is turned off.
The bug can be traced to the fsockopen transport in wp-includes/Requests/Transport/fsockopen.php, line 444.
```php
<?php
// SNI, if enabled (OpenSSL >=0.9.8j)
if (defined('OPENSSL_TLSEXT_SERVER_NAME') && OPENSSL_TLSEXT_SERVER_NAME) {
    $context_options['SNI_enabled'] = true;
    if (isset($options['verifyname']) && $options['verifyname'] === false) {
        $context_options['SNI_enabled'] = false;
    }
}
```
If you have the verifyname option set to false, then SNI is not enabled. However, you need SNI on for this to work anyway.
The work-around is to comment out the $context_options['SNI_enabled'] = false; line, and then the network upgrade works fine.