Edit report at http://pear.php.net/bugs/bug.php?id=18443&edit=1
ID: 18443
Updated by: [email protected]
Reported By: acc at ideashower dot com
Summary: Curl Adaptor ignores SSL settings on redirects
-Status: Open
+Status: Closed
Type: Bug
Package: HTTP_Request2
Package Version: 2.0.0beta3
PHP Version: 5.3.6
-Assigned To:
+Assigned To: avb
Roadmap Versions:
New Comment:
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: avb
This bug has been fixed in SVN.
If this was a documentation problem, the fix will appear on pear.php.net
by the end of next Sunday (CET).
If this was a problem with the pear.php.net website, the change should
be live shortly.
Otherwise, the fix will appear in the package's next release.
Thank you for the report and for helping us make PEAR better.
Previous Comments:
------------------------------------------------------------------------
[2011-04-14 01:34:59] nateweiner
Should note that if you start with the resolved https nytimes link it
works.
------------------------------------------------------------------------
[2011-04-14 01:32:36] nateweiner
Description:
------------
If setting ssl_verify_peer or ssl_verify_host, the Curl Adaptor will
ignore these settings for redirects if the origin url was not https.
For example:
Starting with:
http://nyti.ms/htzv76
Which resolves to:
https://www.nytimes.com/2011/04/17/magazine/mag-17Sugar-t.html?_r=2&pagewanted=all
The redirected url gives the standard curl error when ssl ca's are not
configured:
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
Line 343 of Curl.php shows:
if (0 == strcasecmp($this->request->getUrl()->getScheme(), 'https')) {
This seems to only set the ssl options if the request url is https.
------------------------------------------------------------------------
