Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.0.3
Bug #18487 Recapture has changed ssl certificates
Submitted: 2011-04-28 08:15 UTC
From: lmurphy Assigned: kguest
Status: Closed Package: Services_ReCaptcha (version 1.0.2)
PHP Version: 5.2.12 OS: Any
Roadmaps: (Not assigned)    
Subscription  


Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem : 17 - 1 = ?

 
 [2011-04-28 08:15 UTC] lmurphy (Laurie Murphy)
Description: ------------ Recapture is asking to use a different url, and has killed the ssl certificate on the old one (breaking it in most browsers). See: https://groups.google.com/forum/#!msg/recaptcha/V7qswqBnA1 o/JXjZjpjSR4EJ

Comments

 [2011-04-28 08:20 UTC] doconnor (Daniel O'Connor)
Paste: Hi reCAPTCHA users, In April, we will begin to turn down the legacy URL for reCAPTCHA's HTTPS API. If your site uses reCAPTCHA over SSL, you will need to make a minor code change before April 11. If your site does not load the reCAPTCHA challenge API over SSL, you do not need to make any changes. You can tell if you’re using SSL by looking at the source of your page(s) which contain reCAPTCHA and seeing whether you use "https://api-secure.recaptcha.net" anywhere. The transition involves a very simple change to your code. Any time between now and April 11, you need to replace all instances of: https://api-secure.recaptcha.net/XXX with: https://www.google.com/recaptcha/api/XXX If you don’t make the change before April 11, your users might see SSL certificate warnings when visiting your site. (However, the CAPTCHA should still load normally, unless the user has restrictive security settings.) Most commonly, this shows up as a call to the reCAPTCHA challenge API on the page that contains reCAPTCHA, such as: <script src="https://api-secure.recaptcha.net/challenge?k=XXXYYYZZZ"></ script> This call needs to change to something like this: <script src="https://www.google.com/recaptcha/api/challenge? k=XXXYYYZZZ"></script> ... everything after the /challenge can remain exactly as it was. Another thing to look for is if you're including the reCAPTCHA JavaScript over HTTPS. Code that looks like: <script src="https://api-secure.recaptcha.net/js/recaptcha.js"></ script> or <script src="https://api-secure.recaptcha.net/js/recaptcha_ajax.js"></ script> Would need to change to: <script src="https://www.google.com/recaptcha/api/js/recaptcha.js"></ script> or <script src="https://www.google.com/recaptcha/api/js/ recaptcha_ajax.js"></script> We're sorry for the inconvenience; please let us know if you have any questions or concerns about making this change. We will be contacting SSL-using site owners individually to let them know about this change; however we wanted to post in the public forum as well, since we may not have up-to-date contact information for all sites. Best, Colin & the rest of the reCAPTCHA team
 [2011-04-28 08:25 UTC] doconnor (Daniel O'Connor)
Added patch change-default-providers.
 [2011-04-29 00:57 UTC] kguest (Ken Guest)
-Assigned To: +Assigned To: kguest
 [2011-04-29 01:26 UTC] kguest (Ken Guest)
-Status: Assigned +Status: Closed
Thank you for your bug report. This issue has been fixed in the latest released version of the package, which you can download at http://pear.php.net/get/