For all the reasons that Joseph Scott described, you really want to access WordPress AtomPub service documents using SSL/TLS. Unfortunately, if you look closely at the current APE report, you will both see https and authentication warning.
The reason for this is that even if the service document itself is obtained using a secure connection, with WordPress 2.3, the document itself provides non SSL/TLS URIs for collections and category documents. The net effect of this is that the important parts of the conversation are not secured — among other things, this means that your password is passed only lightly encoded.
Ticket 5298 and this patch addresses this problem. Once that patch is committed to SVN, the warning will disappear from this page on the next hourly run.
The code you reference isn’t attempting to authenticate or verify the peer certificate. All it is attempting to do is determine whether or not the https version of the URI for AtomPub service document is to be advertised in the RSD. Frankly, all it is looking for is a 401 response as an indication that the server is likely be configured properly to support https.
Should the application that fetches the RSD select the Atom “api” on a server that (appears to?) support https, then it is the application’s responsibility to establish a properly secure connection for obtaining the service and categories documents, and to interact with the collections.
cc rubys added Am I misreading line 20 in xmlrpc.php incorrectly? The intent of this patch is to only do this check when fetching the rsd document. See this post for background. Some place in the traversal from [link] =>...
Replying to rubys : Am I misreading line 20 in xmlrpc.php incorrectly? The intent of this patch is to only do this check when fetching the rsd document. See this post for background. Some place in the traversal from [link]...