Page MenuHomePhabricator

Warning: file_get_contents(): Peer certificate CN=`*.wikipedia.org' did not match expected CN=`meta.wikimedia.org' in .../extensions/SpamBlacklist/BaseBlacklist.php on line 273
Open, MediumPublic

Description

Looks like a side effect of I3c3d397d5779aa0affcfa8455c2197ac562c5424


Version: unspecified
Severity: normal
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=73199

Details

Reference
bz68581

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 3:34 AM
bzimport added a project: SpamBlacklist.
bzimport set Reference to bz68581.
bzimport added a subscriber: Unknown Object (MLST).

This is the same error I have in bug 73199. Differences are:

  • it is not the same code (SpamBlacklist vs MediaWiki core),
  • it is not the same PHP function (file_get_contents vs fopen),
  • in bug 73199, there is a context specified (not here).

I guess file_get_contents has a default context where the option CN_match is fixed to the requested host (I tried to dive into source code of PHP to track the default argument, but I abandonned), and new x509 certificates (like the one of the Wikimedia projects) don’t really use the CN attribute but the subjectAltName attribute.

If this diagnosis is correct, a fix would be to add a context parameter with CA_match "unset" (setting it to null?).