Make WordPress Core

Opened 2 months ago

Last modified 5 weeks ago

#62711 new defect (bug)

`external-http` test failures in 4.1-4.5 branches

Reported by: desrosj's profile desrosj Owned by:
Milestone: 6.8 Priority: normal
Severity: normal Version:
Component: Security Keywords: has-patch
Focuses: Cc:

Description

A new test failure has started occurring in the 4.5 branch and earlier.

1) Tests_HTTP_streams::test_ssl
stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

/var/www/src/wp-includes/class-wp-http-streams.php:150
/var/www/src/wp-includes/class-http.php:433
/var/www/src/wp-includes/class-http.php:342
/var/www/src/wp-includes/class-http.php:496
/var/www/src/wp-includes/http.php:170
/var/www/tests/phpunit/tests/http/base.php:387

On December 2, w.org switched to using Lets Encrpyt, which seems to be causing the problem.

Change History (5)

#1 @desrosj
2 months ago

I'm not quite sure exactly why the failure is occurring yet, but applying [48707] to the branches fixes the problem.

It's also possibly related to https://letsencrypt.org/2024/03/19/new-intermediate-certificates/.

This ticket was mentioned in PR #8019 on WordPress/wordpress-develop by @desrosj.


2 months ago
#2

  • Keywords has-patch added

#3 @swissspidy
5 weeks ago

So maybe some of those certificates expired? It makes sense to me to keep that certificate list updated everywhere, considering these branches still receive security updates.

This ticket was mentioned in Slack in #core by desrosj. View the logs.


5 weeks ago

#5 @desrosj
5 weeks ago

@swissspidy After looking at this more, I agree. I opened #62811 to update the certificate bundle for 6.8, and #62812 to make it easier to update this in the future.

I think after the updates in #62811 are merged, those should be backported along with [48707] to the older branches and shipped in the next security release (when and if that happens).

Note: See TracTickets for help on using tickets.