}
if ( $this->sslVerifyHost ) {
- // PHP 5.6.0 deprecates CN_match, in favour of peer_name which
- // actually checks SubjectAltName properly.
- if ( version_compare( PHP_VERSION, '5.6.0', '>=' ) ) {
- $options['ssl']['peer_name'] = $this->parsedUrl['host'];
- } else {
- $options['ssl']['CN_match'] = $this->parsedUrl['host'];
- }
+ $options['ssl']['peer_name'] = $this->parsedUrl['host'];
}
$options['ssl'] += $this->getCertOptions();
restore_error_handler();
if ( !$fh ) {
- // HACK for instant commons.
- // If we are contacting (commons|upload).wikimedia.org
- // try again with CN_match for en.wikipedia.org
- // as php does not handle SubjectAltName properly
- // prior to "peer_name" option in php 5.6
- if ( isset( $options['ssl']['CN_match'] )
- && ( $options['ssl']['CN_match'] === 'commons.wikimedia.org'
- || $options['ssl']['CN_match'] === 'upload.wikimedia.org' )
- ) {
- $options['ssl']['CN_match'] = 'en.wikipedia.org';
- $context = stream_context_create( $options );
- continue;
- }
break;
}