The second part should probably be to override api_service_url (which is already defined in global.ini.php.

Piwik_Http supports http over curl, stream (allow_url_fopen=On), and sockets.

However, for https, we have some inconsistency in behaviour:

• curl - supports https, but verifies the host and peer, by default (i.e., CURLOPT_SSL_VERIFYHOST => 2, CURLOPT_SSL_VERIFYPEER => true)
• stream - supports https, but does not verify the peer
• sockets - no support for https

I recommend the SSL option only be offered if Piwik_Http::getTransportMethod() == 'curl'.

Hmm... just noticed that my php 5.2.13 build for Windows doesn't have any CA's configured, so it's failing on the Feedburner stats.

Replying to vipsoft:

Hmm... just noticed that my php 5.2.13 build for Windows doesn't have any CA's configured, so it's failing on the Feedburner stats.

Correction: doesn't have the latest CAs.

The workaround would be to download the CA certs from http://curl.haxx.se/docs/caextract.html, and add a curl opt:

    CURLOPT_CAINFO => PIWIK_INCLUDE_PATH . '/core/DataFiles/cacert.pem',

Not sure how we could detect this at runtime.

(In [3725]) refs #1867 - add curl support for local cacert.pem, if available

As part of this ticket, the download of latest.zip should also happen over HTTPs

• The update functionality needs a digital signature check.
• Only valid downloads should be unpackable and installable.
• All communication with the Piwik.org server should be over SSL

Note: https://api.piwik.org now work!

as well as https://demo.piwik.org https://piwik.org and others :)

To be done after: #728 which will help test the change.

Add a FAQ explaining how to change to https://api.piwik.org in config file.

https://api.piwik.org can be set in the config file