• Resolved kfroment

    (@kfroment)


    Hi,

    I’ve just updated to the latest version of wp-cassify (1.5.7). This version uses the wp_remote_get function instead of cURL for the back channel. The problem is that wp_remote_get does not trust my CAS server’s TLS certificate. This certificate was built using our in-house CA. So the correct CA cert will not be in any publicly published bundle that WP might use.

    So the question is how do I load my CA certificate so that wp_remote_get will trust my CAS server?

    Many thanks!!

    https://www.ads-software.com/plugins/wp-cassify/

Viewing 6 replies - 1 through 6 (of 6 total)
  • Hi, can you try to turn 'ssl_verify' to 'false' in wp_cassify_utils.php, in the wp_cassify_do_ssl_web_request function:
    'sslverify' => false

    Keep me informed if it solves the problem.

    If it doesn’t work, reinstall the previous version 1.5.6, and then I will publish a fix quickly.

    Thread Starter kfroment

    (@kfroment)

    Hi, I still seem to be getting the same problem:

    Notice: wp_setcookie is deprecated since version 2.5! Use wp_set_auth_cookie() instead. in /var/www/html/wordpress/wp-includes/functions.php on line 3573
    Error [ wp_cassify_do_ssl_web_request ] : Peer certificate cannot be authenticated with known CA certificates

    I assume your change should just switch the cert verification off, rather like: curl --insecure would do?

    I also tried restarting httpd just in case.

    Thanks

    Ok, thanks for stacktrace.

    Ok, patch the function like this while the new version of the plugin is being released:

    public static function wp_cassify_do_ssl_web_request( $url, $ssl_cipher ) {

        // The back-channel request depends on the PHP cURL extension.
        if ( ! function_exists( 'curl_init' ) ) {
            die( 'Please install php cURL library !' );
        }

        $ch = curl_init();

        curl_setopt( $ch, CURLOPT_HEADER, false );
        curl_setopt( $ch, CURLOPT_URL, $url );
        curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 );
        // Certificate checks stay on: the host name must match the certificate
        // and the chain must validate against a CA that cURL trusts.
        curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, 2 );
        curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, 1 );

        //curl_setopt( $ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13' );
        // 0 lets cURL negotiate the protocol version.
        curl_setopt( $ch, CURLOPT_SSLVERSION, 0 );

        if ( ( defined( 'WP_DEBUG' ) ) && ( WP_DEBUG == true ) ) {
            curl_setopt( $ch, CURLOPT_VERBOSE, true );
        }

        $response = curl_exec( $ch );

        // Stop on any transport error; details are shown only when WP_DEBUG is on.
        if ( curl_errno( $ch ) ) {
            if ( ( defined( 'WP_DEBUG' ) ) && ( WP_DEBUG == true ) ) {
                $info = curl_getinfo( $ch );
                die( 'Curl error: ' . curl_error( $ch ) . print_r( $info, TRUE ) );
            }
            else {
                die( 'Curl error: active WP_DEBUG in wp-config.php' );
            }
        }

        curl_close( $ch );

        return $response;
    }

    Thread Starter kfroment

    (@kfroment)

    Hi, Ok that works. I’ll look out for an update. While I was looking for an answer on the net someone said that WP have not provided a method to set the CA cert. Not sure that I believe that….

    Thanks very much for your help.

    Ok, I close the ticket.

    I will rewrite the new plugin version like the previous version, using php-cURL functions. So we will have more control over the SSL web request configuration.
    Originally, I replaced the php-cURL functions with the native WordPress function wp_remote_get to remove the plugin’s php5-curl dependency. But it’s not a good idea.

    So, I am backing off.

    Best regards.

    Ok, I close the ticket.

  • The topic ‘How to a specify the correct CA certificate’ is closed to new replies.
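
Added example, not part of the original thread and not wp-cassify code: one way to make wp_remote_get trust an in-house CA while leaving certificate verification on, using WordPress's `http_request_args` filter and the `sslcertificates` request argument. The host name, file path, constant names and function name are assumptions made for illustration.

```php
<?php
/**
 * Added example: scope an in-house CA bundle to CAS back-channel requests
 * made through the WordPress HTTP API (wp_remote_get and friends).
 * Intended to live in a small plugin or mu-plugin.
 */

// Assumed values for this sketch; replace with your own.
define( 'EXAMPLE_CAS_HOST', 'cas.example.org' );                      // hypothetical CAS server host name
define( 'EXAMPLE_CAS_CA_BUNDLE', '/etc/pki/tls/certs/inhouse-ca.pem' ); // hypothetical PEM file holding the in-house CA chain

function example_cas_trust_inhouse_ca( $args, $url ) {
    $host = parse_url( $url, PHP_URL_HOST );

    // Only touch requests to the CAS server; every other request keeps
    // the CA bundle that ships with WordPress.
    if ( ! is_string( $host ) || 0 !== strcasecmp( $host, EXAMPLE_CAS_HOST ) ) {
        return $args;
    }

    // Fail closed: if the bundle is missing, leave the defaults alone so the
    // request fails verification instead of silently going unverified.
    if ( ! is_readable( EXAMPLE_CAS_CA_BUNDLE ) ) {
        error_log( 'CAS CA bundle not readable: ' . EXAMPLE_CAS_CA_BUNDLE );
        return $args;
    }

    $args['sslverify']       = true;                  // keep peer and host name checks on
    $args['sslcertificates'] = EXAMPLE_CAS_CA_BUNDLE; // CA file the HTTP API verifies against
    return $args;
}
add_filter( 'http_request_args', 'example_cas_trust_inhouse_ca', 10, 2 );

// In code that calls php-cURL directly, such as the patched function in this
// thread, the equivalent setting is:
//   curl_setopt( $ch, CURLOPT_CAINFO, EXAMPLE_CAS_CA_BUNDLE );
```

The PEM file needs the in-house root and any intermediates the CAS server does not send itself.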