composer: 302 Redirect on SSL When Downloading Zip Archive Causes Issues

Hey guys, I saw some commits related to openssl and TLS. Dunno if this is related but wanted to pass along. Declared WordPress as a custom repository of type zip. This way I can use composer to run wordpress installs (which is awesome!) This has been working great for about 6 months. I tried doing a composer update to the newest release

URL: https://github.com/WordPress/WordPress/archive/4.4.1.zip

This caused an exception I hadn’t seen before,

Composer through a Transport Exception:

[Composer\Downloader\TransportException]                                                                                                                                
The "https://github.com/WordPress/WordPress/archive/4.4.1.zip" file could not be downloaded: Peer certificate CN=`*.github.com' did not match expected CN=`github.com'  Failed to enable crypto                                                                                                                                              failed to open stream: operation failed using CN=  

Turns out, GitHub issues a 302 redirect, to a subdomain codeload.github.com. Looks like there was some SSL error in the stack somewhere because the SSL Common Name was for the wildcard domain (*.github.com) but I was linking to the link provided by GitHub when you want to download a release.

The fix was simple, I was able to update by changing the source URL in my composer config to the result of the 302 redirect.

https://codeload.github.com/WordPress/WordPress/zip/4.4.1

The fixed composer.json is …

…

"repositories": [
{
  "type": "composer",
  "url": "http://wpackagist.org"
},
{
  "type": "package",
  "package": {
    "name": "wordpress",
    "type": "webroot",
    "version": "4.4.1",
    "dist": {
      "type": "zip",
      "url": "https://codeload.github.com/WordPress/WordPress/zip/4.4.1"
    },
    "require": {
      "fancyguy/webroot-installer": "1.0.0"
    }
  }
}

], …

Keep up the great work guys!