pwilkins

I thought to answer your question I search for other uses of https_local_ssl_verify. Here are the places it occurs in my WordPress installation:

find . -name '*.php' | xargs grep https_local_ssl_verify
./wp-content/plugins/backwpup/inc/class-job.php: 'sslverify' => apply_filters( 'https_local_ssl_verify', true ),
./wp-content/plugins/buddypress/bp-forums/bbpress/bb-includes/backpress/class.wp-http.php: if ( $is_local && true != apply_filters('https_local_ssl_verify', true) )
./wp-content/plugins/buddypress/bp-forums/bbpress/bb-includes/backpress/class.wp-http.php:$ssl_verify = apply_filters('https_local_ssl_verify', $ssl_verify);
./wp-content/plugins/buddypress/bp-forums/bbpress/bb-includes/backpress/class.wp-http.php: $ssl_verify = apply_filters('https_local_ssl_verify', $ssl_verify);
./wp-content/plugins/buddypress/bp-forums/bbpress/bb-includes/backpress/class.wp-http.php: $ssl_verify = apply_filters('https_local_ssl_verify', $ssl_verify);
./wp-content/plugins/buddypress/bp-forums/bbpress/bb-includes/backpress/functions.wp-cron.php:	wp_remote_post( $cron_url, array('timeout' => 0.01, 'blocking' => false, 'sslverify' => apply_filters('https_local_ssl_verify', true)) );
./wp-content/plugins/https_local_ssl_verify/backwpup-disable-local-ssl-verify.php: add_filter( 'https_local_ssl_verify', '__return_false' );
./wp-includes/class-http.php: $ssl_verify = apply_filters( 'https_local_ssl_verify', $ssl_verify );
./wp-includes/class-http.php: $ssl_verify = apply_filters('https_local_ssl_verify', $ssl_verify);
./wp-includes/cron.php: 'sslverify' => apply_filters( 'https_local_ssl_verify', true )

Thank you for the work-around. I installed and activated it as a plugin. I now get a different error:
Problem with the SSL CA cert (path? access rights?)

A complicating factor may be that the site authenticates with x509 certificates.

As you guessed, there _is_ a self-signed cert in the certificate chain, but it appears to be the CA Root:

openssl s_client -connect my_domain.mit.edu:443 -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=2 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify error:num=19:self signed certificate in certificate chain
verify return:0
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A
---
Certificate chain
 0 s:/C=US/postalCode=02139/ST=Ma/L=Cambridge/street=77 Massachusetts Ave/O=Massachusetts Institute of Technology/OU=Information Services & Technology/CN=my_server.mit.edu
   i:/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA
 1 s:/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
 2 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---

I’d be grateful for any other ideas you may have.