Edit report at http://pear.php.net/bugs/bug.php?id=18443&edit=1

ID: 18443
Updated by: [email protected]
Reported By: acc at ideashower dot com
Summary: Curl Adaptor ignores SSL settings on redirects
-Status: Open
+Status: Closed
Type: Bug
Package: HTTP_Request2
Package Version: 2.0.0beta3
PHP Version: 5.3.6
-Assigned To:
+Assigned To: avb
Roadmap Versions:
New Comment:

-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: avb
This bug has been fixed in SVN.

If this was a documentation problem, the fix will appear on pear.php.net
by the end of next Sunday (CET).

If this was a problem with the pear.php.net website, the change should
be live shortly.

Otherwise, the fix will appear in the package's next release.

Thank you for the report and for helping us make PEAR better.

Previous Comments:

[2011-04-14 01:34:59] nateweiner

Should note that if you start with the resolved https nytimes link it


[2011-04-14 01:32:36] nateweiner

If setting ssl_verify_peer or ssl_verify_host, the Curl Adaptor will
ignore these settings for redirects if the origin url was not https.

For example:

Starting with:

Which resolves to:

The redirected url gives the standard curl error when ssl ca's are not
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed

Line 343 of Curl.php shows:

if (0 == strcasecmp($this->request->getUrl()->getScheme(), 'https')) {

This seems to only set the ssl options if the request url is https.


Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppear-bugs @
postedMay 6, '11 at 7:33a
activeMay 6, '11 at 7:33a

1 user in discussion

Borz_off: 1 post



site design / logo © 2023 Grokbase