Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upgrade.php: If we're on windows, make sure we can load intermediate certificates #15052

Merged
merged 1 commit into from
Jul 11, 2024
Merged

upgrade.php: If we're on windows, make sure we can load intermediate certificates #15052

merged 1 commit into from
Jul 11, 2024

Conversation

jerm
Copy link
Collaborator

@jerm jerm commented Jul 9, 2024

According to curl/curl#12155 and curl/curl@2d63331

Some corporate Windows proxy (mis)configurations don't pass along
intermediate certificates in their TLS handshakes, breaking lots of
things that don't work around it.

This creates a problem in our curl calls when checking for
.upgrade_requirements.json, and seems to be the source of errors for a
few of our users: #14826 (comment)

In this change, we detect when running on windows environments and load
the curl option that works around this. Loading it in non-windows
environments throws an error, hence the check.

upgrade.php: If we're on windows, make sure we can load intermediate …
c8fe002 
…certificates

According to curl/curl#12155 and curl/curl@2d63331

Some corporate Windows proxy (mis)configurations don't pass along
intermediate certificates in their TLS handshakes, breaking lots of
things that don't work around it.

This creates a problem in our curl calls when checking for
.upgrade_requirements.json, and seems to be the source of errors for a
few of our users: #14826 (comment)

In this change, we detect when running on windows environments and load
the curl option that works around this.
@jerm jerm requested a review from snipe as a code owner July 9, 2024 05:19
@what-the-diff What The Diff
Copy link

what-the-diff bot commented Jul 9, 2024

PR Summary

  • Enhanced SSL Configuration on Windows
    In order to ensure a robust and secure communication, this PR adds a condition that adjusts the SSL options of the CURL (a tool used to transfer data) when the operating system is Windows (identified as "WINNT"). This will allow the software to use the native Certificate Authority bundle from the Windows OS, increasing the level of security for data transfers.

@snipe snipe merged commit 68136ea into develop Jul 11, 2024
9 checks passed
@jerm jerm deleted the jerm/handle-windows-ca-jank-in-upgrade-script branch July 17, 2024 23:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@snipe snipe Awaiting requested review from snipe snipe is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jerm @snipe