When I activated $wgInstantCommons on my fresh computer without php-curl (so MW used PhpHttpRequest to download data from Commons), it didn’t work until I specified the caInfo option in PhpHttpRequest (to /etc/ssl/certs, Ubuntu 14.04).
(Then I experienced bug 73199 but this is not directly linked.)
It would be nice if this piece of code could automatically find the certificate repository file or directory. Perhaps some magic value make PHP automatically find the default cert repo of the system or perhaps it works on some couple (PHP version, Operating System).
Else I don’t see other solutions than specifing default cert repo for major OS (I know, it would be a pain to maintain it). Or another option would be to even remove all HTTPS-related code in PhpHttpRequest and require CURL for HTTPS.
Before changing anything, it would be great to see this is bug is widely experienced on various platforms (PHP+OS) or if it is only an isolated case.
Version: 1.25-git
Severity: normal