Google Geocode fails due to OpenSSL error in GM 2.9.3 with PHP 5.6

[tchaddad]

from the list:
https://lists.osgeo.org/pipermail/geomoose-users/2018-April/006385.html

I looked into this today for a while and at first it looks like the 2.9.x google_geocoder.php should work fine:

• If the user has an API key specified, then a google geocode request is correctly generated and sent.
• If you independently load the requested URL in a browser, the Google geocode service returns the expected XML response.

However, the simplexml_load_file($request_url) request in the google_geocoder.php script fails with "url not loading", which is somewhat mysterious.

Looking in the Apache error logs, I found:

AH01215: PHP Warning:  simplexml_load_file(): SSL operation failed with code 1. OpenSSL Error messages:: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in google_geocoder.php on line 54

AH01215: PHP Warning:  simplexml_load_file(): Failed to enable crypto in google_geocoder.php on line 54

AH01215: PHP Warning:  simplexml_load_file(https://maps.googleapis.com/maps/api/geocode/xml?address=800+NE+Oregon+Street%2C+Portland%2C+OR&key=blahblahblah): failed to open stream: operation failed in google_geocoder.php on line 54

AH01215: PHP Warning:  simplexml_load_file(): I/O warning : failed to load external entity "https://maps.googleapis.com/maps/api/geocode/xml?address=800+NE+Oregon+Street%2C+Portland%2C+OR&key=blahblahblah" in google_geocoder.php on line 54

So the error is related to:
http://php.net/manual/en/migration56.openssl.php

Solution would be to correctly enable OpenSSL verification, (or if desperate, turn it off) :
https://stackoverflow.com/questions/26148701/file-get-contents-ssl-operation-failed-with-code-1-and-more

[tchaddad]

The solution posted here:

https://stackoverflow.com/questions/32621929/error-when-loading-external-xml-file-with-php-via-https-ssl3-get-server-certif

solved the problem when inserted above the call to simplexml_load_file($request_url).

In the case of MS4W users, they can point to the certificate that is included with that server, so the insert to google_geocoder.php looks like:

$context = stream_context_create(array('ssl'=>array(
    'verify_peer' => true,
    'cafile' => '/ms4w/Apache/conf/ca-bundle/cacert.pem'
)));
libxml_set_streams_context($context);

But that's obviously specific to MS4W configuration, so I guess a generic fix would involve being able to tell GeoMoose where your certificate is in local_settings.ini if that were possible?

[klassenjs]

Is there a reason the Windows build of PHP doesn't know where the CA files are by default? Is there a php.ini setting or maybe compile time setting for this?

IIRC the Linux builds of PHP just know where to look.

[tchaddad]

Yeah that would be a better solution. MS4W's Apache knows where the cert is, but not PHP.

Looking at the php.ini file, it just looks like it is not set / commented out, so I'll close here and link this issue to a MS4W ticket instead.

[jmckenna]

For reference, here is the related MS4W ticket: https://ms4w.com/trac/ticket/171