API error after OS X 10.10 Yosemite/Server 4.0 upgrade

Hi Michael,

Yes, Google insists on HTTPS, so I don’t believe that URL can be changed. During runtime, it is the end user’s browser that fetches the font from Google, so your server does not get involved in that (so the fallback should work at least).

When in the admin pages, it is the server accessing the API, rather than your browser, to get lists of fonts. That means your web server must be able to do a HTTPS fetch. I have seen this error before, also on OS-X, and it is somehow related to SSL or some partciaular SSL cryptography that is (or is not) installed on the server. In many instances it is not installed by default. I don’t have instructions on what needed to be done to correct this, but I’ll see if I can dig out what happened last time.

I believe it is a common enough problem that it is easily found by Google. This might not be the same version as you are having problems with, but it may be a similar issue:

https://www.cnet.com/news/cannot-access-secured-web-sites-after-os-x-update/

Thanks Jason,

I’ve tried everything I can think of (including the suggestions outlined in the Cnet article). No luck at all.

For what it’s worth, curl works as expected:

curl -v https://www.googleapis.com/webfonts/v1/webfonts?key=%5Bxxx%5D

I’m wondering if the solution offered here is of any use:

https://stackoverflow.com/questions/26461966/osx-10-10-curl-post-to-https-url-gives-sslread-error

(Use homebrew to install a version of PHP with openssl.)

Ah, it’s the fixes for POODLE vulnerability that is behind all this. I’ve been forced an update to Thunderbird that suddenly makes it unusable on our internal mail servers – it’s most annoying, but it’s being done by servers, browsers, mail client’s etc to force everyone’s hand in removing all traces of SSL3.0 from everywhere.

This plguin uses the standard WP wp_remote_get() to fetch from the Google API. Anything else that uses this in WP will have the same issues. So ultimately the problem will need to be fixed in your PHP installation. That SO link you posted looks like a good avenue to explore.

I’m not sure if there is anything that this plugin can do to work around this issue (though I may be wrong).

Thanks Jason. That’s what I was afraid of. Sigh.

Michael, and luck on getting this working? I think it is a platform issue, and upgrading your hosting platform would likely be the only way this can be fixed.

No Jason, the issue remains unresolved. I’m more convinced than ever it has something to do with Apple trying to protect us from ourselves with OS X/Server no longer supporting SSL in PHP. Yay Apple, way to go: Leave it enabled in the browser but disable it in PHP.

The workaround appears to be to compile PHP manually, using Homebrew, with SSL enabled.

I’m marking this as resolved because I’m convinced it’s not anything over which Google Webfonts for Woo Framework has control.

Thanks ??

Don’t be too hard on Apple for this. The whole industry had been slow in upgrading SSL for a long time, and a series of vulnerabilities have hit everyone quite hard. This has resulted in a lot quick moves by everyone – Apple, Mozilla, Redhat/CentOS – just about everyone. Those that have put the convenience of users first, and not removed insecure protocols, may be the ones that will be bringing bigger problems to their users in the long run.

I do agree, however, that the various moves have not come with simple advice for us end users who just want stuff to work, and need to know more about what has changed so we can work around it.