-
Notifications
You must be signed in to change notification settings - Fork 195
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CA certificate verify failed #2
Comments
Hey there, Thanks for reporting the issue. Interestingly enough, the client for whom I built this class originally had this issue as well on his server. Suggestions welcome for this. |
That works great, thanks! It would make the WordPress update curl less secure by setting it to trust all certificates ... but as far as I can tell there is no way to give WordPress a list of trusted certificates, so I don't see another option. |
Yeah exactly, that's why I'd rather not include it in the class by default. On 2011-10-03, at 5:05 PM, Paul Kilmurray wrote:
|
I think this can be fixed by adding "'sslverify' => false" to the wp_remote_get args, like: wp_remote_get($this->config['api_url'], array( 'sslverify' => false ); |
Hey @pmichael thanks for the new and better solution. I can confirm that your solution works, which is great. I will opt to not include this in the core class for now as it could still be seen as a security issue and the initial problem only affects certain installations of WordPress. That being said, I am open to being convinced as to why this should be included in the class. Also, if anyone does run into this problem, they should definitely use @pmichael's solution. |
You're welcome. You could add the option to the config array, setting |
I ended up playing around with this after realizing that the After monitoring default WordPress updates, I found they normally use HTTP:
These connections aren't verifying with a Certificate Authority, and they are not encrypted. Running Github updates over HTTPS without I agree that it's unwise to disable In
|
WordPress throws an error when I try to autoupdate:
Download failed. SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
The problem (and solution) is discussed here: http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/ but I believe the curl options would need to be set inside WordPress core files.
Is there another work around for this?
The text was updated successfully, but these errors were encountered: