Discussion:
Is it possible to hook into the wp_http API?
Vid Luther
2013-10-01 04:55:19 UTC
Permalink
Hi,
We seem to have an issue with our systems and SSL. And, I think I need to
sleep, so I'm asking a possibly silly question..

*The Problem*

The version of PHP we have, and the version of OpenSSL it's compiled with,
causes an issue with requests to some HTTPs servers. While I try and work
with the Ubuntu/Debian maintainers to fix this bug upstream.. or build our
own version of PHP which could take a few weeks to test..

https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/861137

I was wondering if it's possible for us to put in an mu-plugin that hooks
into the wp_http API. In a local test, we've already verified that if we
add a line to the request method of WP_Http, specifically the line saying


curl_setopt($handle, CURLOPT_SSLVERSION, 3);

Then the request works..

*The question*

Since this problem will probably be fixed on the distribution/PHP side when
the next LTS comes out, it doesn't make sense to send a patch against core
for this.

But, we need to let the customer make his request..so we need to tell the
WP HTTP api to use SSL v3 on purpose.
From my understanding of Filters and Actions, a filter would be
inappropriate here.. but an action may work.. but I don't know/can't think
of what hook to attach this action to.

Any ideas?
Dion Hulse (dd32)
2013-10-01 05:04:12 UTC
Permalink
This should fix it for requests using the cURL transport, but some requests
might not:

add_action( 'http_api_curl', 'mysite_curl_ssl_v3' );
function mysite_curl_ssl_v3( $handle ) {
curl_setopt($handle, CURLOPT_SSLVERSION, 3);
}

Can you please let us know what versions/distro's of PHP which you know is
affected by this? If you're affected, others will surely be affected, so
I'd like to get 3.7 to support, or, work around, the issue.

D
Post by Vid Luther
Hi,
We seem to have an issue with our systems and SSL. And, I think I need to
sleep, so I'm asking a possibly silly question..
*The Problem*
The version of PHP we have, and the version of OpenSSL it's compiled with,
causes an issue with requests to some HTTPs servers. While I try and work
with the Ubuntu/Debian maintainers to fix this bug upstream.. or build our
own version of PHP which could take a few weeks to test..
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/861137
I was wondering if it's possible for us to put in an mu-plugin that hooks
into the wp_http API. In a local test, we've already verified that if we
add a line to the request method of WP_Http, specifically the line saying
curl_setopt($handle, CURLOPT_SSLVERSION, 3);
Then the request works..
*The question*
Since this problem will probably be fixed on the distribution/PHP side when
the next LTS comes out, it doesn't make sense to send a patch against core
for this.
But, we need to let the customer make his request..so we need to tell the
WP HTTP api to use SSL v3 on purpose.
From my understanding of Filters and Actions, a filter would be
inappropriate here.. but an action may work.. but I don't know/can't think
of what hook to attach this action to.
Any ideas?
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
Loading...