• It took me a while to figure this out, but the varnish purge will not work on sites using SSL with a self-signed certificate. Basically, it’s only failing because SSL verification is on by default and self-signed certs will fail that.

    [response] => WP_Error Object
            (
                [errors] => Array
                    (
                        [http_request_failed] => Array
                            (
                                [0] => SSL certificate problem: self signed certificate
                            )
    
                    )

    This can be worked around by setting `"sslverify" => false` in the request arguments for `wp_remote_request()`.

    Other thoughts:
    It would be nice if the “Varnish cache purged!” message would only appear if the purge request came back with a 200 response. Otherwise, it should show as an error with the error message from the WP_Error response.

    Version 3.7.3

    https://ww.wp.xz.cn/plugins/varnish-http-purge/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    The problem is that while you are sure your cert is self-signed and okay, it’s difficult to make a sweeping generalization like that for everyone.

    If you are requesting HTTPS and know that the site is self-signed or is invalid and are reasonably sure that it can be trusted, then set to false.

    I don’t know that for the majority of users (can’t know it either, and users don’t always know). You should never perform an unsecure request until your user has agreed to do so and knows of the risks. I can’t be sure that users will :/

    I’ll see about putting in a catch for the errors though. That could spit back something… I have to think more about how to handle self-signed certs. There’s not a one-right answer or direction, since this plugin is intended to be simple and not something people have to mess around with customizing.

    The issue, by the way, with errors is that I have to make sure there’s a way for users who aren’t techy to know what to do and how. It’s a black-box for a reason, since the users it’s intended for are often not tech savvy. There’s a case to be made both ways, of course. But it’s a lot of decisions and weighing information and its usefulness :/

    Thread Starter Evan Mattson

    (@aaemnnosttv)

    Thanks for the thoughtful response.

    I agree, disabling ssl_verify is probably not something to apply across the board. However, it is necessary to allow for self-signed certificates. Perhaps allowing the ssl_verify to be disabled via a filter makes more sense?

    Regarding the messages, I understand the desire to keep things simple, but IMO the way it is now is doing more harm than good by always showing “Success” even in the event of an error. Even for users who are tech-savvy, it makes it unnecessarily difficult to troubleshoot. At least that was my experience.

    Of course, it would be nice to have an explanation of how to fix a given error if there is one. Verbose error messages are definitely possible though. If the purge request does fail with a WP_Error, there could be different suggestions based on the error ID.

    I’m open to contributing, if you are open to a PR?

    Plugin Contributor Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    Oh hell yes 🙂 PRs always welcome.

    https://github.com/Ipstenu/varnish-http-purge/ – Master is a bit ‘ahead’ as I’m working through adding in some wp-cli commands and other tests.

    I should probably say “A purge request has been sent” versus a real success message at the very least.


The topic ‘Problem with SSL using self-signed certificate’ is closed to new replies.
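
The two requests in this thread (a filter-based way to handle a self-signed certificate, and a notice that reflects the real purge result) could look like the following added example, which is not code from the plugin or from any poster above. It goes one step beyond the thread by keeping verification on and pinning the site's own certificate rather than setting `sslverify` to false. Assumptions: the constant `EXAMPLE_PURGE_CA_FILE` and all `example_*` names are hypothetical, the purge request goes to the site's own host name, and the certificate's name matches that host.

```php
<?php
/**
 * Added example (not plugin code): trust one self-signed certificate for
 * requests to this site's own host, and report purge results honestly.
 * Assumption: the hypothetical constant EXAMPLE_PURGE_CA_FILE is defined in
 * wp-config.php and points to a PEM copy of the site's own certificate.
 */

// Keep verification enabled, but verify against the pinned certificate.
add_filter( 'http_request_args', 'example_trust_pinned_cert', 10, 2 );

function example_trust_pinned_cert( $args, $url ) {
	$site_host = wp_parse_url( home_url(), PHP_URL_HOST );
	$req_host  = wp_parse_url( $url, PHP_URL_HOST );

	// Only touch HTTPS requests to our own host; all others keep WordPress defaults.
	if ( 'https' !== wp_parse_url( $url, PHP_URL_SCHEME ) || $req_host !== $site_host ) {
		return $args;
	}

	// Opt-in only: without the constant, the default CA bundle is still used.
	if ( defined( 'EXAMPLE_PURGE_CA_FILE' ) && is_readable( EXAMPLE_PURGE_CA_FILE ) ) {
		$args['sslverify']       = true;
		$args['sslcertificates'] = EXAMPLE_PURGE_CA_FILE;
	}
	return $args;
}

/**
 * Turn the return value of wp_remote_request() into an admin notice.
 * Returns array( 'type' => 'success'|'error', 'message' => string ).
 */
function example_purge_notice( $response ) {
	// Transport failures (including certificate errors) arrive as WP_Error.
	if ( is_wp_error( $response ) ) {
		return array(
			'type'    => 'error',
			'message' => sprintf( 'Purge request failed: %s', $response->get_error_message() ),
		);
	}
	// Only a 200 from the cache counts as a completed purge.
	$code = (int) wp_remote_retrieve_response_code( $response );
	if ( 200 !== $code ) {
		return array( 'type' => 'error', 'message' => sprintf( 'Purge request returned HTTP %d.', $code ) );
	}
	return array( 'type' => 'success', 'message' => 'Varnish cache purged!' );
}
```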