CURLOPT_SSL_VERIFYPEER disabled
-
Hi! Found your plugin through the WordPress Support forum post “Error: WordPress could not establish a secure connection to www.ads-software.com“.
I noticed you disable CURLOPT_SSL_VERIFYPEER, on line 63 of Safly-Curl-Patch.php. Please *do not do this* but fix your PHP configuration! I have a blog post explaining why: https://www.saotn.org/dont-turn-off-curlopt_ssl_verifypeer-fix-php-configuration/.
-
Sorry for my late reply and thanks for your good advice!
I develop this plug-in aiming at eliminating all the curl failure, including potential CA error (in some wrongly configured servers it will occur, for there are not enough CA Certificates, who knows), and it indeed helps a lot of people.
I have read your post and it is so professional, thanks a lot!
I have taken DNS fraud or something else into consideration and I use a trustworthy third-party HTTP DNS service to ensure the access to wp.com to reduce risk.
$ip = wp_remote_retrieve_body(wp_remote_get('https://119.29.29.29/d?dn=' . $domain));
The risk indeed exists if the network is not safe, though a bit hard to achieve(The listener doesn’t know what the source wants to do). And personally, the network in the data center will be guaranteed.
Thanks for your topic very much! I will turn this option to optional in the future update. ??
- The topic ‘CURLOPT_SSL_VERIFYPEER disabled’ is closed to new replies.
