Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 2.3.0

Bug #18443 Curl Adaptor ignores SSL settings on redirects
Submitted: 2011-04-14 05:32 UTC
From: nateweiner Assigned: avb
Status: Closed Package: HTTP_Request2 (version 2.0.0beta3)
PHP Version: 5.3.6 OS:
Roadmaps: (Not assigned)    
Subscription  


 [2011-04-14 05:32 UTC] nateweiner (Nate Wweiner)
Description: ------------ If setting ssl_verify_peer or ssl_verify_host, the Curl Adaptor will ignore these settings for redirects if the origin url was not https. For example: Starting with: http://nyti.ms/htzv76 Which resolves to: https://www.nytimes.com/2011/04/17/magazine/mag-17Sugar-t.html?_r=2&pagewanted=all The redirected url gives the standard curl error when ssl ca's are not configured: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Line 343 of Curl.php shows: if (0 == strcasecmp($this->request->getUrl()->getScheme(), 'https')) { This seems to only set the ssl options if the request url is https.

Comments

 [2011-04-14 05:34 UTC] nateweiner (Nate Wweiner)
Should note that if you start with the resolved https nytimes link it works.
 [2011-05-06 12:33 UTC] avb (Alexey Borzov)
-Status: Open +Status: Closed -Assigned To: +Assigned To: avb
This bug has been fixed in SVN. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.