Topic: isolated failure to ping iTunes due to SSL certificates not being installed

diablodale

Hi everyone. I was not able to ping iTunes with PowerPress. It reported:
   Unable to connect to iTunes ping server

I isolated this to my administrator's failure to install current SSL CA certificates for cURL to work. It wasn't easily found because most of the time everyone calls to HTTP resources. But when you need to ping iTunes to refresh your Podcast, it's an HTTPS call.

cURL is a component of PHP on which WordPress is written. At the official cURL site, they document this problem very well at http://curl.haxx.se/docs/sslcerts.html

This may not be your problem pinging iTunes, but it is a possible cause of the problem.

angelo

  • CIO, RawVoice
  • Administrator
There is a way to tell CURL to ignore these certificate errors, though it is not recommended. Normally I would not consider adding that ignore option but for pinging iTunes, I think it is ok. I actually don't see a need for the ping URL to use SSL but that was Apple's decision, not mine. I'll add this to PowerPress iTunes Ping logic in the next release, then folks using CURL with PHP will not have this error even if their administrator hasn't kept their certificates on their server up to date.

diablodale

The change I had to make is deep in WP. It's in wp-includes/http.php. In WP 2.7.1 it's around line 1005 and I added the code:
      curl_setopt( $handle, CURLOPT_SSL_VERIFYPEER, FALSE);

As the admins and I continue to research this, it's starting to appear that, specifically, the Windows implementation of cURL doesn't have a default location for it to find the certs like it does on *nix platforms. If that's true, then SSL with cURL would always fail unless the application programmer sets a cURL option that specifically points to a dir/file with the certs in it. We're still investigating this.
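
An added example, not part of the original posts and not PowerPress or WordPress code: the alternative raised in the post above, pointing cURL at a CA certificate file explicitly so that verification stays on and certificate failures are reported separately from other connection failures. The function names, the CA_BUNDLE environment variable and the candidate paths are assumptions.

```php
<?php
// Added example (hypothetical helper names): HTTPS GET through PHP cURL with
// peer verification kept ON and the CA bundle path supplied explicitly.

function find_ca_bundle(array $candidates): ?string
{
    foreach ($candidates as $path) {
        // A usable bundle is a readable PEM file holding at least one certificate.
        if (is_file($path) && is_readable($path)
            && strpos((string) file_get_contents($path), '-----BEGIN CERTIFICATE-----') !== false) {
            return $path;
        }
    }
    return null;
}

function https_get_verified(string $url, array $candidates): array
{
    $bundle = find_ca_bundle($candidates);
    if ($bundle === null) {
        return ['ok' => false, 'reason' => 'no-ca-bundle', 'detail' => 'no readable CA bundle found'];
    }
    $handle = curl_init($url);
    curl_setopt_array($handle, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,    // validate the chain against the bundle
        CURLOPT_SSL_VERIFYHOST => 2,       // certificate name must match the host
        CURLOPT_CAINFO         => $bundle, // explicit path, no reliance on a platform default
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 20,
    ]);
    $body   = curl_exec($handle);
    $errno  = curl_errno($handle);
    $error  = curl_error($handle);
    $status = (int) curl_getinfo($handle, CURLINFO_HTTP_CODE);
    if ($body === false) {
        // libcurl codes 51 and 60: peer certificate failed verification; 77: CA file problem.
        $reason = in_array($errno, [51, 60, 77], true) ? 'certificate' : 'transport';
        return ['ok' => false, 'reason' => $reason, 'detail' => "curl error $errno: $error"];
    }
    return ['ok' => $status >= 200 && $status < 300, 'reason' => "http-$status", 'detail' => $body];
}

// Usage from the command line: php this_file.php <https-url>
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    $candidates = [
        getenv('CA_BUNDLE') ?: '',            // assumed variable name for an override
        __DIR__ . '/cacert.pem',              // assumed location of a bundle shipped with the application
        '/etc/ssl/certs/ca-certificates.crt', // common Debian/Ubuntu system bundle
    ];
    print_r(https_get_verified($argv[1], $candidates));
}
```

A `certificate` result points at a missing or stale bundle on the server, which is the condition described in the first post; a `transport` result points elsewhere (DNS, firewall, timeout).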

angelo

  • CIO, RawVoice
  • Administrator
I've already added code to PowerPress to set the curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0); when using curl. The new function in PowerPress is called powerpress_remote_fopen($url). If curl is not detected then powerpress_remote_fopen() uses the wp_remote_fopen() function. This bypasses the need to worry about maintaining the line you mentioned in the wp-includes/http.php file.

I'm doing some last-minute tests with one other bug that I'm working on. Once I'm confident this last other bug is fixed, I'll be pushing out v0.7.2. Unless I run into something crazy, expect the new version to be available in the next hour.

Thanks again for your help,
Angelo