Opened 2 months ago
Last modified 5 weeks ago
#62711 new defect (bug)
`external-http` test failures in 4.1-4.5 branches
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | 6.8 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Security | Keywords: | has-patch |
Focuses: | Cc: |
Description
A new test failure has started occurring in the 4.5 branch and earlier.
1) Tests_HTTP_streams::test_ssl stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed /var/www/src/wp-includes/class-wp-http-streams.php:150 /var/www/src/wp-includes/class-http.php:433 /var/www/src/wp-includes/class-http.php:342 /var/www/src/wp-includes/class-http.php:496 /var/www/src/wp-includes/http.php:170 /var/www/tests/phpunit/tests/http/base.php:387
On December 2, w.org switched to using Lets Encrpyt, which seems to be causing the problem.
Change History (5)
This ticket was mentioned in PR #8019 on WordPress/wordpress-develop by @desrosj.
2 months ago
#2
- Keywords has-patch added
Trac ticket: https://core.trac.wordpress.org/ticket/62711
#3
@
5 weeks ago
So maybe some of those certificates expired? It makes sense to me to keep that certificate list updated everywhere, considering these branches still receive security updates.
This ticket was mentioned in Slack in #core by desrosj. View the logs.
5 weeks ago
#5
@
5 weeks ago
@swissspidy After looking at this more, I agree. I opened #62811 to update the certificate bundle for 6.8, and #62812 to make it easier to update this in the future.
I think after the updates in #62811 are merged, those should be backported along with [48707] to the older branches and shipped in the next security release (when and if that happens).
I'm not quite sure exactly why the failure is occurring yet, but applying [48707] to the branches fixes the problem.
It's also possibly related to https://letsencrypt.org/2024/03/19/new-intermediate-certificates/.