sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Don't set CURLOPT_CAINFO when sslverify is false when sending HTTP API requests through cURL. This avoids sending redundant information to cURL, and avoids a bug in Apple's SecureTransport library which causes a request to fail when a CA bundle is set but certificate verification is disabled.

Browse Source 
This fixes issues with local HTTPS requests (eg. WP Cron) on OS X where cURL is using SecureTransport instead of OpenSSL.

Fixes #33978


git-svn-id: https://develop.svn.wordpress.org/trunk@34639 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
John Blackbourn 2015-09-27 21:37:00 +00:00
parent 5ff16465f2
commit a0be6bbb12
2 changed files with 33 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/wp-includes/class-wp-http-curl.php
View File

@ -133,7 +133,11 @@ class WP_Http_Curl {
curl_setopt( $handle, CURLOPT_RETURNTRANSFER, true ); curl_setopt( $handle, CURLOPT_RETURNTRANSFER, true );
curl_setopt( $handle, CURLOPT_SSL_VERIFYHOST, ( $ssl_verify === true ) ? 2 : false ); curl_setopt( $handle, CURLOPT_SSL_VERIFYHOST, ( $ssl_verify === true ) ? 2 : false );
curl_setopt( $handle, CURLOPT_SSL_VERIFYPEER, $ssl_verify ); curl_setopt( $handle, CURLOPT_SSL_VERIFYPEER, $ssl_verify );
curl_setopt( $handle, CURLOPT_CAINFO, $r['sslcertificates'] );
if ( $ssl_verify ) {
curl_setopt( $handle, CURLOPT_CAINFO, $r['sslcertificates'] );
}
curl_setopt( $handle, CURLOPT_USERAGENT, $r['user-agent'] ); curl_setopt( $handle, CURLOPT_USERAGENT, $r['user-agent'] );
/* /*

28
tests/phpunit/tests/http/base.php
View File

@ -15,6 +15,8 @@ abstract class WP_HTTP_UnitTestCase extends WP_UnitTestCase {
var $redirection_script = 'http://api.wordpress.org/core/tests/1.0/redirection.php'; var $redirection_script = 'http://api.wordpress.org/core/tests/1.0/redirection.php';
var $fileStreamUrl = 'http://s.w.org/screenshots/3.9/dashboard.png'; var $fileStreamUrl = 'http://s.w.org/screenshots/3.9/dashboard.png';
protected $http_request_args;
function setUp() { function setUp() {
if ( is_callable( array('WP_Http', '_getTransport') ) ) { if ( is_callable( array('WP_Http', '_getTransport') ) ) {
@ -42,6 +44,11 @@ abstract class WP_HTTP_UnitTestCase extends WP_UnitTestCase {
parent::tearDown(); parent::tearDown();
} }
function filter_http_request_args( array $args ) {
$this->http_request_args = $args;
return $args;
}
function test_redirect_on_301() { function test_redirect_on_301() {
// 5 : 5 & 301 // 5 : 5 & 301
$res = wp_remote_request($this->redirection_script . '?code=301&rt=' . 5, array('redirection' => 5) ); $res = wp_remote_request($this->redirection_script . '?code=301&rt=' . 5, array('redirection' => 5) );
@ -282,6 +289,27 @@ abstract class WP_HTTP_UnitTestCase extends WP_UnitTestCase {
} }
/**
* Test HTTP requests where SSL verification is disabled but the CA bundle is still populated
*
* @ticket 33978
*/
function test_https_url_without_ssl_verification() {
$url = 'https://wordpress.org/';
$args = array(
'sslverify' => false,
);
add_filter( 'http_request_args', array( $this, 'filter_http_request_args' ) );
$res = wp_remote_head( $url, $args );
remove_filter( 'http_request_args', array( $this, 'filter_http_request_args' ) );
$this->assertNotEmpty( $this->http_request_args['sslcertificates'] );
$this->assertNotWPError( $res );
}
/** /**
* Test HTTP Redirects with multiple Location headers specified * Test HTTP Redirects with multiple Location headers specified
* *