From 702e4e8ea7b36895e34c14fe904052af65b342f7 Mon Sep 17 00:00:00 2001 From: John Blackbourn Date: Sun, 27 Sep 2015 21:37:24 +0000 Subject: [PATCH] Don't set `CURLOPT_CAINFO` when `sslverify` is false when sending HTTP API requests through cURL. This avoids sending redundant information to cURL, and avoids a bug in Apple's SecureTransport library which causes a request to fail when a CA bundle is set but certificate verification is disabled. This fixes issues with local HTTPS requests (eg. WP Cron) on OS X where cURL is using SecureTransport instead of OpenSSL. Fixes #33978 Built from https://develop.svn.wordpress.org/trunk@34639 git-svn-id: http://core.svn.wordpress.org/trunk@34603 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/class-wp-http-curl.php | 6 +++++- wp-includes/version.php | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/wp-includes/class-wp-http-curl.php b/wp-includes/class-wp-http-curl.php index b7382da320..d59ddecfad 100644 --- a/wp-includes/class-wp-http-curl.php +++ b/wp-includes/class-wp-http-curl.php @@ -133,7 +133,11 @@ class WP_Http_Curl { curl_setopt( $handle, CURLOPT_RETURNTRANSFER, true ); curl_setopt( $handle, CURLOPT_SSL_VERIFYHOST, ( $ssl_verify === true ) ? 2 : false ); curl_setopt( $handle, CURLOPT_SSL_VERIFYPEER, $ssl_verify ); - curl_setopt( $handle, CURLOPT_CAINFO, $r['sslcertificates'] ); + + if ( $ssl_verify ) { + curl_setopt( $handle, CURLOPT_CAINFO, $r['sslcertificates'] ); + } + curl_setopt( $handle, CURLOPT_USERAGENT, $r['user-agent'] ); /* diff --git a/wp-includes/version.php b/wp-includes/version.php index 478e94f9a9..3a80c70b67 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.4-alpha-34638'; +$wp_version = '4.4-alpha-34639'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.