Submitted by weldon on
I run a multi-site installation of Drupal 7 on FreeBSD. During planned upgrades, I noticed that all of the Drupal sites was silently unable to check status of modules and the core installation for available upgrades. That would also cause warnings for needed upgrades to no longer be emailed out.
I discovered that all the Drupal URLs that point to http:// sites are now getting 301 redirected to https://. Great idea, i have no idea how long that as been going on. At some point recently, I upgraded php to the 5.6.x tree. Well, starting in 5.6.x, the default behavior for verify_peer went from FALSE to TRUE. Ok, that is also a great idea. So I did go through and made sure my server is checking and using the right certificate authority files. It is. CURL, WGET, etc was cleaning getting to Drupal and other HTTPS sites. For some reason, I was still getting failures in upgrade checks within Drupal. I was suspecting still php was unable to verify certificate authority and just not downloading anything.
I tried using documented over-rides my php.ini (http://php.net/manual/en/context.ssl.php), first the openssl.cafile one, and then to test stuff, the openssl.verify_peer ones. It appears after what I did next, these where being ignored by php. (php is using this php.ini file, other overrides was and are still working otherwise, more stuff would be broken).
So I ended up installing the Curl integration module with php package (php56-curl) and restarting apache. Then nstalling the cURL HTTP Request Drupal module in the "all" sites directory. Enabling the module in all sites and in the configuration for each site, check "Override Drupal HTTP Request" and save the config. Instantly after that, all sites where able to check and get a status of it's modules and of the core instalation of Drupal.