Last modified: 2014-11-09 17:14:10 UTC
Looks like a side effect of I3c3d397d5779aa0affcfa8455c2197ac562c5424
This is the same error I have in bug 73199. Differences are: * it is not the same code (SpamBlacklist vs MediaWiki core), * it is not the same PHP function (file_get_contents vs fopen), * in bug 73199, there is a context specified (not here). I guess file_get_contents has a default context where the option CN_match is fixed to the requested host (I tried to dive into source code of PHP to track the default argument, but I abandonned), and new x509 certificates (like the one of the Wikimedia projects) don’t really use the CN attribute but the subjectAltName attribute. If this diagnosis is correct, a fix would be to add a context parameter with CA_match "unset" (setting it to null?).