WordPress 5.4

Debian packages for WordPress version 5.4 will be uploaded shortly. I’m just going through the install testing now.

One problem I have noticed is, at least for my setup, there is an issue with network updates. The problem is that WordPress will ask me if I want to update the network sites, I say yes and get a SSL error.

After lots of debugging, the problem is that the fsockopen option to use SNI is turned off for network updates. My sites need SNI so without this they just bomb out with a SSL handshake error.

I’m not sure what the real fix is, but my work-around was to temporary set the SNI in the fsockopen transport while doing the site updates.

The file you want wp-includes/Requests/Transport/fsockopen.php and in the request method of Requests_Transport_fsockopen you’ll see something like:

                       stream_context_set_option($context, array('ssl' => $context_options)); 
                } 
                else { 
                        $remote_socket = 'tcp://' . $host; 
                }

Just before the stream_context_set_option put the line:

                        $context_options['SNI_enabled'] = true;

Ugly but it works

Update May 2020

Looking into this more, there is a bug in the fsockopen transport. If you have verify_peer turned off (which network upgrades do) then it turns SNI off. You still need SNI even if you are going to not verify the certificate. I raised https://core.trac.wordpress.org/ticket/50288#ticket but its simply commenting out the line that disables SNI in Requests/Transport/fsockopen.php around line 444.