Grrr, I forgot to write A dot on the .htaccess file.

   In my town, we will have a firefly season around the next two or three weeks again. So I checked my blog when I wrote about fireflies last year and found I wasn’t able to see the video on the article. What happened?

   I changed the tags in the article from <object> to <video> and I became to see the video. But after that I found more problems. All flv video files on my blog weren’t loaded. Why?

   I suspect BPS of the flv file problem, he-he. On the .htaccess file, as expected, I found I forgot to write A dot. At the line I need flvplayer\.swf, but I wrote flvplayer\swf. Oof!

   Now all flv video files on my blog are loaded. Ha-ha.

About utf8mb4 on WordPress.

   Yesterday, WordPress 4.2 came. I updated to it from the WordPress Updates page. After it, I need Upgrade Network because my WordPress is a multisite type. But I use a self-signed certificate, so I must to add my CA cert data to wp-includes/certificates/ca-bundle.crt before Upgrade Network. I also need to add the following lines to wp-includes/class-http.php because I use client authentication.

  • curl_setopt( $handle, CURLOPT_SSLCERT, 'the exact path of clientcert.pem' );
    curl_setopt( $handle, CURLOPT_SSLKEY, 'the exact path of clientkey.pem' );

   See The solution of “SSL3_READ_BYTES:sslv3 alert handshake failure” on WordPress.

   By the way, according to WordPress 4.2, WordPress supports utf8mb4 now. So you can use following 4-byte kanjis on your WordPress articles though I couldn’t use them when I checked it on 2013‎.5‎.22‎. emoji are also available in WordPress! Wow! These kanjis are included by level 3 and 4 in JIS X 0213.
𠀋 𡈽 𡌛 𡑮 𡢽 𠮟 𡚴 𡸴 𣇄 𣗄 𣜿 𣝣 𣳾 𤟱 𥒎 𥔎 𥝱 𥧄 𥶡 𦫿 𦹀 𧃴 𧚄 𨉷 𨏍 𪆐 𠂉 𠂢 𠂤 𠆢 𠈓 𠌫 𠎁 𠍱 𠏹 𠑊 𠔉 𠗖 𠘨 𠝏 𠠇 𠠺 𠢹 𠥼 𠦝 𠫓 𠬝 𠵅 𠷡 𠺕 𠹭 𠹤 𠽟 𡈁 𡉕 𡉻 𡉴 𡋤 𡋗 𡋽 𡌶 𡍄 𡏄 𡑭 𡗗 𦰩 𡙇 𡜆 𡝂 𡧃 𡱖 𡴭 𡵅 𡵸 𡵢 𡶡 𡶜 𡶒 𡶷 𡷠 𡸳 𡼞 𡽶 𡿺 𢅻 𢌞 𢎭 𢛳 𢡛 𢢫 𢦏 𢪸 𢭏 𢭐 𢭆 𢰝 𢮦 𢰤 𢷡 𣇃 𣇵 𣆶 𣍲 𣏓 𣏒 𣏐 𣏤 𣏕 𣏚 𣏟 𣑊 𣑑 𣑋 𣑥 𣓤 𣕚 𣖔 𣘹 𣙇 𣘸 𣘺 𣜜 𣜌 𣝤 𣟿 𣟧 𣠤 𣠽 𣪘 𣱿 𣴀 𣵀 𣷺 𣷹 𣷓 𣽾 𤂖 𤄃 𤇆 𤇾 𤎼 𤘩 𤚥 𤢖 𤩍 𤭖 𤭯 𤰖 𤴔 𤸎 𤸷 𤹪 𤺋 𥁊 𥁕 𥄢 𥆩 𥇥 𥇍 𥈞 𥉌 𥐮 𥓙 𥖧 𥞩 𥞴 𥧔 𥫤 𥫣 𥫱 𥮲 𥱋 𥱤 𥸮 𥹖 𥹥 𥹢 𥻘 𥻂 𥻨 𥼣 𥽜 𥿠 𥿔 𦀌 𥿻 𦀗 𦁠 𦃭 𦉰 𦊆 𦍌 𣴎 𦐂 𦙾 𦚰 𦜝 𦣝 𦣪 𦥑 𦥯 𦧝 𦨞 𦩘 𦪌 𦪷 𦱳 𦳝 𦹥 𦾔 𦿸 𦿶 𦿷 𧄍 𧄹 𧏛 𧏚 𧏾 𧐐 𧑉 𧘕 𧘔 𧘱 𧚓 𧜎 𧜣 𧝒 𧦅 𧪄 𧮳 𧮾 𧯇 𧲸 𧶠 𧸐 𧾷 𨂊 𨂻 𨊂 𨋳 𨐌 𨑕 𨕫 𨗈 𨗉 𨛗 𨛺 𨥉 𨥆 𨥫 𨦇 𨦈 𨦺 𨦻 𨨞 𨨩 𨩱 𨩃 𨪙 𨫍 𨫤 𨫝 𨯁 𨯯 𨴐 𨵱 𨷻 𨸟 𨸶 𨺉 𨻫 𨼲 𨿸 𩊠 𩊱 𩒐 𩗏 𩙿 𩛰 𩜙 𩝐 𩣆 𩩲 𩷛 𩸽 𩸕 𩺊 𩹉 𩻄 𩻩 𩻛 𩿎 𪀯 𪀚 𪃹 𪂂 𢈘 𪎌 𪐷 𪗱 𪘂 𪘚 𪚲

   So I can write 「私,𩸽の開きを焼いたのが大好きなのよ」 on WordPress now, ha-ha. I almost forgot to write. Of course, your SQL Server needs utf8mb4 support.

First VPS #4 : How to install WordPress on CentOS7.

   The さくらの VPS trial period ended on December 2nd. But I continue to use because I have some other things I want to challenge. Maybe I’ll pay monthly charge once or more.

   I’ll write “How to install WordPress”. If you do, you must finish First VPS #1, First VPS #2 and First VPS #3 as the prerequisites, of course. First, I install a WordPress as a Wheel Group User (Mine is centos), i.e like a root user.

Note) ||SELinux and WordPress|| (See httpd_selinux(8))

  1. When I used an install feature such as a plugin’s on WordPress, I had “Failed to connect to FTP Server http://VPS_DomainName/”. This seems to occur because Apache Httpd cannot access the network. The solution is “httpd_can_network_connect –> on”.
    $ sudo setsebool -P httpd_can_network_connect on
  2. When I uploaded an image via WordPress, I had “Unable to create directory wp-content/uploads/year/date. Is its parent directory writable by the server?”. At that time, the parent directory permission was 707. This trouble seems to occur because Apache Httpd cannot read/write the directory due to its context. It fixes the trouble to change the context from ‘httpd_user_content_t’ to ‘httpd_sys_rw_content_t’. But, this brought another issue to me. After the change I could not see the directory from my FTP client software.
    If you don’t care about it, you don’t need to do anything else. But, I care. I sometimes back images up via FTP.
     
    I looked for another solution. And I found it out.
    I change the context not to ‘httpd_sys_rw_content_t’ but to ‘public_content_rw_t’. And I also need ‘httpd_anon_write –> on’ for uploading an image via WordPress.
    $ sudo setsebool -P httpd_anon_write on
    $ sudo semanage fcontext -a -t public_content_rw_t \
    "/path/to/wp-content/uploads(/.*)?"

    $ sudo /sbin/restorecon -RF /path/to/wp-content/uploads

    Ref URL: 5.6.2. Persistent Changes: semanage fcontext
    This says ‘restorecon -R’ works but I needed ‘restorecon -RF’ to change the type of the directory though I don’t know why.

||How to install WordPress as a Wheel Group User||

  1. Log in phpMyAdmin as root.
  2. Create a database (something like wordpressdb) for WordPress with the collation ‘utf8_general_ci’.
  3. Create a user (something like wordpressuser) for WordPress with localhost and passphrase.
    GRANT USAGE ON *.* TO wordpressuser@localhost IDENTIFIED BY PASSWORD ‘passphrase’;
     
    Edit privileges. Give the user all privileges except grant about the database ‘wordpressdb’. Give no global privileges. This is important.
    GRANT ALL PRIVILEGES ON wordpressdb.* TO wordpressuser@localhost;
  4. Log out.

——————–

  1. Log on the VPS as centos via SSH. After that, you are at /home/centos.
  2. $ mkdir tmp
    $ chmod 707 tmp

    The tmp folder is for download files.

  3. $ cd tmp
     
    Install ‘wget’ if you don’t have it.
    $ sudo yum install wget
     
    Download WordPress and copy to the install folder.
    $ wget https://wordpress.org/latest.tar.gz
    $ tar xzvf latest.tar.gz
    $ rsync -avP ~/tmp/wordpress/ ~/www/html/wp/
  4. Make the uploads folder.
    $ mkdir ~/www/html/wp/wp-content/uploads
    $ chmod 707 uploads
     
    Change the context type.
    $ sudo semanage fcontext -a -t public_content_rw_t \
    "/home/centos/www/html/wp/wp-content/uploads(/.*)?"

    $ sudo /sbin/restorecon -RF /home/centos/www/html/wp/wp-content/uploads

——————–

  1. Access http://VPS_DomainName/wp/ by the Web browser.
  2. At the instillation the wp-config.php wasn’t made automatically. So I made it from the installer showing text by an editor and uploaded it to the VPS via FTP. Set the permission of wp-config.php to 404.
    Otherwise, the WordPress installation normally ended.
     
    Note) I couldn’t make the WordPress got the FTP account information automatically, so I added the followings to the wp-config.php before the line /* That’s all, stop editing! Happy blogging. */. They are for correcting the update issues.
    Ref URL: WordPress Upgrade Constants
     
    define('FTP_USER', 'username');
    define('FTP_PASS', 'password');
    define('FTP_HOST', 'VPS_DomainName');

 
   My PHP is running as a DSO (Apache 2.0 Handler). After the configurations above, the environment gives me ‘centos:centos’ as the owner:group about the upgrading WordPress files but it gives ‘apache:apache’ about the media files which were uploaded from Dashboard. So, by FTP client software I cannot modify the media files though I can back them up because of the user ‘centos‘. And I can change the owner:group by ‘chown’ command via SSH.
 
   This matter gives bigger problems when a person use a normal User. Next I’ll write an installation as a normal user.
 
||How to install WordPress as a normal User||
   Of course you cannot do Server-side works as a normal user. It requires your login user has administrative privileges like my centos.

    [Server Side]——

  1. Log on the VPS as centos via SSH. Make a normal user.
    $ sudo adduser normuser1
    $ sudo passwd normuser1
    Changing password for user normuser1.
    New password:
    Retype new password:
    $ sudo chmod 701 /home/normuser1
  2. Edit /etc/httpd/conf.d/userdir.conf.
    $ sudo vi /etc/httpd/conf.d/userdir.conf Ref URL: UserDir Directive

    • Add UserDir enabled normuser1 after the line UserDir disabled
    • Add UserDir www/html after the line #UserDir public_html
    • <Directory "/home/*/public_html">
      —>> <Directory "/home/*/www/html">
    • Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
      —>> Options MultiViews SymLinksIfOwnerMatch IncludesNoExec
  3. $ su - normuser1
    $ mkdir www
    $ cd www
    $ mkdir html
     
    Check normuser1 id’s property.
    $ id -a normuser1
    uid=1001(normuser1) gid=1001(normuser1) groups=1001(normuser1)
    $ exit
    $ sudo systemctl restart httpd.service
  4. $ sudo gpasswd -a sennari apache
    Check normuser1 id’s property.
    $ id -a normuser1
    uid=1001(normuser1) gid=1001(normuser1) groups=1001(normuser1),48(apache)
  5. Log in phpMyAdmin as root from the Web browser.
     
    Create a database (something like normuser1db) with the collation ‘utf8_general_ci’ for WordPress.
    Create a user (something like normuser1wp) for WordPress with localhost and passphrase.
    GRANT USAGE ON *.* TO normuser1wp@localhost IDENTIFIED BY PASSWORD ‘passphrase’;
     
    Edit privileges. Give the user all privileges except grant about the database ‘normuser1db’. Give no global privileges. This is important.
    GRANT ALL PRIVILEGES ON normuser1db.* TO normuser1wp@localhost;
     
    Logout.
    [Client Side]——

  1. Access normuser1’s DocumentRoot by FTP client software.
    Upload an index.html file as a test. Go and see http://VPS_DomainName/~normuser1/ for a test.
     
    As an aside, I used a base64 encoded in-line image scheme for this index.html (^^).
  2. Create a wp folder in the DocumentRoot by the FTP client software.
    Upload all WordPress files into the wp folder via FTP.
  3. Access http://VPS_DomainName/~normuser1/wp/ by the browser and install WordPress.
     
    At the instillation the wp-config.php wasn’t made automatically. So I made it from the installer showing text by an editor and uploaded it to the VPS via FTP. Set the permission of wp-config.php to 404 .
    Otherwise, the WordPress installation normally ended.
     
    Note) I couldn’t make the WordPress got the FTP account information automatically, so I added the followings to the wp-config.php before the line /* That’s all, stop editing! Happy blogging. */. They are for correcting the update issues.
    Ref URL: WordPress Upgrade Constants
     
    define('FTP_USER', 'username');
    define('FTP_PASS', 'password');
    define('FTP_HOST', 'VPS_DomainName');

   After the steps above, I upgraded WordPress 4.0 to 4.1. It successfully ended. But I could not uploaded media files in spite I had made a uploads folder with its permission 707. So, I did the followings.

  1. By the FTP client software, set the permission of uploads folder to 775 because apache needs full access rights to it.
  2. Next three I did as the user centos via SSH. Normal users cannot do them. I think this is very inconvenient when people run production sites with multiple users because two of these three I could not do until making the uploads folder.
    • $ sudo chown -R normuser1:apache \
      /home/normuser1/www/html/wp/wp-content/uploads
    • $ sudo semanage fcontext -a -t public_content_rw_t \
      "/home/normuser1/www/html/wp/wp-content/uploads(/.*)?"
    • $ sudo restorecon -RF /home/sennari/www/html/wp/wp-content/uploads

   Now I have a question. Why does WordPress use different methods about upgrades and media uploads? If it use the method of upgrades for media file uploads, the troubles probably do not occur. Though I don’t realize as I don’t know much about PHP, does the same method for both make something wrong?
 
   Anyway, I’ll try suEXEC Support.

Memorandum #8.

ROLIS descent image
ROLIS descent image
   Hey, have you heard?
 
   Philae landed on comet on November 12th at 15:35 UTC (13th at 00:35 JST).
 
   The comet name is 67P/Churyumov-Gerasimenko. Wow!!
 
   By the way, have you known that our Hayabusa 2 launch is scheduled on November 30th? I can’t wait and I hope good weather!
    Memo 1

  • HeadlineI added alphabet headlines to Notes, and I use Kranky for their font. For this, I made the following customization to the style.css of the main site. I added the lines with “+” at its head.
    @import url("../sugar-and-spice/style.css");
    +@import url(https://fonts.googleapis.com/css?family=Kranky);
     
    /* Typography */
    h1, h2, h3, h4, h5, h6 {
    color: #000;
    }
    +h2 {
    + font-family: 'Kranky', cursive, Arial, sans-serif;
    + font-size: 2em;
    + margin: 0 0;
    +}
     
    Here is the old CSS file before work.
     
    Note) In my case, I changed <h2> tag’s property because I don’t use this tag for any other places on my main site. So, this change does not give any effects to rest of the main site.
  • Memo 2

  • I stopped using the plugin Google Analytics by Yoast. But I still use Google Analytics, so I made some configuration for it.
    1. Make a file named ‘analyticstracking.php’ under instructions at Tracking ID page of Google Analytics and copy it to the child theme directory.
    2. Copy the original header.php of my theme to the child theme directory.
    3. Edit new headr.php.
      Add <? php include_once ("analyticstracking.php")?> to just after <body> tag.
    4. That’s it.
      Note) The change is reflected within several hours or days.

Does cURL have POODLE?

Update information      Edit(Oct.26)

   I wrote about “POODLE” issue on the last post. After that, I suddenly got worried about cURL on WordPress because I read SSLv3 fallback attack POODLE.

   Though I found a following option at curl_setopt,
curl_setopt( $handle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
I couldn’t get where I should add it among WordPress Core Scripts. So, I made a topic on WordPress Forums…I’m waiting answers.

Edit(Oct.26):
   I just made the topic [resolved]. Because I got the result that my cURL exactly uses TLSv1.2 by %{SSL_PROTOCOL} on the Apache log. I don’t need CURL_SSLVERSION_TLSv1 on the file class-http.php. If the SSL sever has appropriate configurations, clients can access it safely if their software components have the abilities required.

   Clap clap, (*´▽`*).

WordPress 4.0 named “Benny” is available but waiting Japanese version.

Update information      Edit    Edit2(Sep.6)

   WordPress 4.0 named “Benny” is available but waiting Japanese version. How about you, guys?

Edit:
   I had a comment from くりくりさん on the Japanese blog. He wrote “We can select the WordPress language for its installation.” Is this only for at the new installation? I didn’t see about languages at its upgrade though I already have WordPress 4.0 on my test site. On my production sites I run a multisite type, so I am waiting a Japanese version 4.0 because of unease for upgrading. I can see a new ja.mo in the language folder on the test site. So it might be no problem.

   But the production sites default language is English. To upgrade or not to be: that is the question.

Edit2(Sep.6):
   I upgraded to WordPress 4.0-ja at 02:57. I read WordPress 4.0 における言語関連実装の変更とその注意点. So, I deleted the line “define(‘WPLANG’, ‘ja’);” from my old wp-config.php. I deactivated the plugin WP Multibyte Patch on my WordPress Network and re-activated it for the two Japanese child sites.

   I strongly tell myself to remember the followings the next time.

  1. To add two lines to class-http.php.
  2. To add my CA data to ca-bundle.crt.

WordPress not auto saving all articles on my main site.

Update information      Edit(Sep.6)

   Recently the autosave feature wasn’t working well on o6asan.com though I cannot recall from when. o6asan’s soliloquy and o6asan’s soliloquy-part2 have no problem.

   Apart from this, I found a lot of “WordPress database error Duplicate entry ‘0’ for key ‘PRIMARY’ for query INSERT INTO `WordPress DB table name` ~” on the Apache error log when I checked the errors about php_opcache.dll on August 29.

   Yesterday, I suddenly remembered the errors on the Apache log, and began to get the solution. I saw a lot of sentences related to Notes when I looked into the log again. At the time, I first recognized this errors and autosave feature had a strong relationship. Besides, the errors began on August 23. I must have done something wrong at updating MariaDB. (-_-;)

   I saw what table names the log included, then found them out, i.e. `wp_postmeta`, `wp_posts`, `wp_redirection_logs`, `wp_sitemeta`. I logged in phpMyAdmin and compared wp_postmeta structure with wp_2_postmeta one. Because wp_2_postmeta has no problem. Finally I noticed wp_postmeta had no AUTO_INCREMENT in meta_id’s extra field. I also looked the rests had the same problem.

   First I backed all data up then tried and fixed them.

  1. Select wp_postmeta table.
  2. Select ‘Structure’ from Menu.
  3. Select ‘Change’ from Action of meta_id.
  4. Check ‘A_I’ box on and save.

   If you use CUI, I think you can use the following.
ALTER TABLE `your WP DB name`.`wp_postmeta` CHANGE `meta_id` `meta_id`
BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT;

   I did this for `wp_postmeta` and `wp_posts` without difficulty. But for `wp_redirection_logs` and `wp_sitemeta`, I had the following error.
#1062: ALTER TABLE causes auto_increment resequencing, resulting in duplicate entry ‘1’ for key ‘PRIMARY’

   `wp_redirection_logs` table has just logs of the plugin Redirection. So I emptied the table and did the above steps again. If you use CUI, I think you can use the following.
TRUNCATE `your WP DB name`.`wp_redirection_logs`;

   But I need the contents of the table `wp_sitemeta`. So, I first emptied the table and did the above steps again. Then I clipped `wp_sitemeta` INSERT statement out from the back-up sql file and imported it to the table.

   The errors on the log file have gone and the autosave feature works well now. Mission complete!

   Don’t trust me too much because I handled the errors in my own fashion. m(_”_)m

Edit(Sep.6):
   When I updated to BulletProof Security .50.8, I had a trouble that the Notice “Network/Multisite BPS plugin Network Activation correction:” had not gone away. So, I went talk to the forum. Then I resolved the problem with his help. This trouble is related to the AUTO_INCREMENT missing again. I think it is maybe caused by phpMyAdmin bug that I read several days ago. But who knows about the truth? Sigh.

   Anyway, the Notice has gone. Now I can sleep in peace (^_^;).

To create a BBS by the WordPress plugin bbPress.

Update information      Edit(Aug.16)    Edit2(Nov.4)    Edit3(2016.Feb.27)

   Since I unified my site CMSes to WordPress, I’ve troubled how I create my BBSes on the both sites of Japanese and English.
   What I want my BBSes is two things, one is the normal BBS features of course and the other is a communication board for some troubles on my home server, for example 403 forbidden, 503 Service Unavailable, etc. Hence the BBSes must exist on other servers than my home server.

   On the English site I first used the comment feature of the single WordPress page for this purpose. It didn’t meet both of my requirements. But, I’ve had few people write comments on it so I’ve left it be.
   On the Japanese site I fist created the BBS by a free Perl scripts named ‘Joyful Note‘. It met both of my requirements, but after I transferred my domain on this February new hosting service brings me no Perl cgi service. So I stopped using Joyful Note, and created a new BBS by PukiWiki. Though this PukiWiki board exists on the other server than my home server, its features as a BBS are very poor.

   About ten days earlier, an inspiration hit me. “I just make a BBS like WordPress.org Forums.” I looked into the site HTML source codes, and then I found the word bbPress. Now, I’ve created my BBSes by bbPress on WebCrow which is a free web hosting service of my registrar.

   By the way, you can find tons of information about bbPress form the old to the new. You shouldn’t refer to the old. bbPress is in progress still now and I think its progress’s been very fast. Now, bbPress becomes one of the normal WordPress plugins, so at its installation you need only a WordPress plugin installation.

   My customization to bbPress is the following things only.

  • On some situations, the color of letters are too light than I can read them. So, I change #ccc & #bbb to # 333 on three places in bbpress/templates/default/css/bbpress.css.

         #bbpress-forums .status-closed,
         #bbpress-forums .status-closed a {
             color: #ccc;
     
         .bbp-forum-header a.bbp-forum-permalink,
         .bbp-topic-header a.bbp-topic-permalink,
         .bbp-reply-header a.bbp-reply-permalink {
             color: #ccc;
     
         span.bbp-admin-links a {
             color: #bbb;

   bbPress has no image uploading feature, so I install GD bbPress Attachments. And I customize the following two filters due to convenience for anonymous users.

  • They exist in gd-bbpress-attachments/code/attachments/class.php.
     return apply_filters('d4p_bbpressattchment_is_user_allowed', $allowed);
         ↓
     return apply_filters('d4p_bbpressattchment_is_user_allowed', true);
     
     return apply_filters('d4p_bbpressattchment_is_hidden_from_visitors', $value == 1);
         ↓
     return apply_filters('d4p_bbpressattchment_is_hidden_from_visitors', false);

   I still have a problem about these two plugins. They have no ENTIRE Japanese language files and I couldn’t find them anywhere. I only translated the visible part for visitors. But, their pot flies include a lot of words, especially bbPress, so my work doesn’t meet the unveiling schedule of BBSes (;´o`).

   By the way, I added six Japanese characters (案内サピプッ) to Untitled1_sub.woff. Well, we can use FontForge on Windows easily, clap clap. At this time, WOFFコンバータ didn’t work well though I don’t know about the reason, so I used ttf to woff converter to renew the Untitled1_sub.woff.

   I move all comments on old BBSes to new ones.

  • Note: bbPress has the time when a user modified a comment (_bbp_last_active_time) on each topic and shows it as a post date. I cannot rewrite them from WordPress Admin Panel, and it is a little bit trouble for old comments. So, I rewrote them as MySQL data.

   Mission complete!! Here new BBSes are. Please feel free to use. m(_”_)m

Edit(Aug.16):
   I found https://translate.wordpress.org/projects/bbpress. It’s cool. I have to get involved!

Edit2(Nov.4):
   If your BBS needs more customization, bbPress Shortcodes might help you. Here is Shortcodes Codex.

Edit3(2016.Feb.27):
   Recently, some language files for bbPress, for example Japanese, are automatically downloaded from Translating WordPress. So you don’t need po nor mo files in the plugin language folder. I don’t remember this feature began to work from when. But it works well now. My WordPress is 4.4.2 and bbPress is 2.5.8 at this point.

WordPress3.9.2 Background Updates.

   This morning I had a update message about WordPress 3.9.2 by an email. It is a minor maintenance release. But it includes a fix for ‘a possible denial of service issue in PHP’s XML processing’ and others. They strongly encourage us to update our sites immediately. So if your site does not support automatic background updates, you’d better follow their words and update manually.

   List of Files Revised

readme.html
wp-admin/about.php
wp-includes/ID3/getid3.lib.php
wp-includes/class-IXR.php
wp-includes/class-wp-customize-widgets.php
wp-includes/compat.php
wp-includes/pluggable.php
wp-includes/version.php
wp-login.php

A solution of “SSL3_READ_BYTES:sslv3 alert handshake failure” on WordPress.

   Since WordPress that was version 3.7 had a ca-bundle.crt in its wp-includes folder, I’ve had troubles when I upgrade my WordPress Network. I misunderstood the message “Warning! Problem updating https://SITENAME.” meant one of my sites had a trouble, but now I think it meant the first site the WordPress checked out was wrong and the WordPress had no information about the rest of my sites.

   First I had the “Error message: SSL certificate problem: self signed certificate in certificate chain” because I use a self-signed certificate. But Oiram gave me its solution. All I need is to add my CA cert data to the ca-bundle.crt.

   Next I had the “Error message: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure”. I’ve had a hard time with this trouble for more than two months. Finally, I have the complete solution of this today \(^o^)/.

   I look back now and think the trouble had three issues.

  1. My client.crt had no ssl_client extension. so I re-made a client.crt with ssl_client extension like this. The reference of this is “sslv3 alert handshake failure when using SSL client auth”.
    First, I added the next text to the end of my openssl.cnf.

    [ ssl_client ]
    basicConstraints = CA:FALSE
    nsCertType = client
    keyUsage = digitalSignature, keyEncipherment
    extendedKeyUsage = clientAuth
    nsComment = “OpenSSL Certificate for SSL Client”

    And I made a new client.crt with ssl_client extension.
    >openssl ca -config openssl.cnf -policy policy_anything -extensions ssl_client -in client.csr -out client.crt

    • With the old client.crt, I had the next two errors when I did “openssl s_client -connect o6asan.com:443 -cert client.crt -key client.key -CAfile cacert.pem”. But, the new one gives no error.
    • error:14094418:SSL routines:SSL3_READ_BYTES: ~
      error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure: ~
    • Of course I re-made a new clientcert.p12
  2. At “Upgrade Network”, WordPress uses cURL. But cURL doesn’t accept P12 format certificates. So I need PEM format certificates.
    • To make a clientcert.pem from the clientcert.p12
      >openssl pkcs12 -in clientcert.p12 -nokeys -clcerts -out clientcert.pem
    • To make a clientkey.pem from the clientcert.p12
      >openssl pkcs12 -in clientcert.p12 -nocerts -out clientkey.pem
       
      To make a copy of the clientkey.pem and remove the pass phrase from it.
      >copy clientkey.pem cp_clientkey.pem
      >openssl rsa <cp_clientkey.pem> clientkey.pem
  3. To tell my WordPress the places of the client certificates.
    • To add the following lines to just before the line “curl_setopt( $handle, CURLOPT_CAINFO, $r[‘sslcertificates’] );” in the file class-http.php.

      curl_setopt( $handle, CURLOPT_SSLCERT, 'the exact path of clientcert.pem' );
      curl_setopt( $handle, CURLOPT_SSLKEY, 'the exact path of clientkey.pem' );

      I hate to change WordPress core PHP scripts, so I try and try other methods, but nothing is useful. After all, I add the lines above to the class-http.php.

      To copy the clientcert.pem and the clientkey.pem to somewhere in the server, somewhere means a safer place anyone cannot access via the Internet.

    This reference is Client URL Library.

   If you need how to create certificates, see the post “WordPress: Administration Over SSL #1”.

   Now the error has gone. I’m happy, clap,clap!!