-
-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cURL can't verify ssl certificates (possibly only on Yosemite) #819
Comments
This is definitely a Yosemite issue. I can replicate the error with I first noticed this on a simpler library that I could easily find the cURL code. Commenting out the lines that set a specific cacert file did the trick. I imagine that would also work for Guzzle on Yosemite but I'm not sure how do that. |
if |
Confirmation curl fails with Guzzle's cert:
As I said its an error with Yosemite. The bug was introduced in cURL 7.37.1. As far as I can tell, the only way to "fix" this is have your code realise its running in Yosemite and then not specify a cacert when running Fortunately my live sites are running on a Linux VPS so aren't affected by this bug. See here for upstream ref: http://curl.haxx.se/mail/tracker-2014-08/0007.html |
If you set the "verify" request option to |
What happens when you set "verify" to true? If you have brew installed, can you try setting verify to |
Neither To absolutely prove its a cacert issue this native cURL code works:
|
OK, misread the docs. This works:
However, whilst my PHP installation is certainly compiled against both brew installed cURL and brew installed OpenSSL, setting verify to |
Very strange. It looks like the cURL issue is marked as |
OK, I've got the original code working, i.e.
In order to get this working I re-compiled cURL in homebrew with the flag I think I'll open an issue with Homebrew to verify this. |
I think you can close this issue now. The latest public beta of Yosemite was released recently and I think its fixed the issue. The following now works:
So presumably people using Guzzle without messing around with homebrew's cURL like I have won't get any errors. Though it'd be nice if someone could confirm. |
Glad to hear it's working now. I don't have Yosemite so I can't confirm. I'll close this, but if someone still finds an issue, they can feel free to reopen the issue. |
This issues isn't fixed in the current Yosemite distribution... |
Which version of guzzle are you using? What's your error message?
|
Hi, |
Guzzle 5 uses the default system certificates when run using a cURL RingPHP handler. Try sending a normal curl request from the command line using, say your root user to see if this is a user-specific or environment specific issue. If the error persists, then you can use a custom CA bundle for all requests with a Guzzle client using the following: $client = new GuzzleHttp\Client([
'defaults' => [
"verify" => "/path/to/my/ca-bundle.crt"
]
]); A maintained CA bundle can be found here: https://github.com/bagder/ca-bundle (though you need to make a decision on if you trust this bundle yourself). |
For what it's worth http://curl.haxx.se/docs/caextract.html |
Do either of those include Entrust's G2 certificate? Between that and bloody Google forcing everything to require reissuing, I'm seeing SSL errors left, right, and centre. >.< |
So, has anyone figured out how to solve this? |
@hookdump What isn't working for you? Did you see #819 (comment)? |
@hookdump as @mtdowling said, this should be working now? If you use homebrew make sure that the curl command points to the system version. You can check with the output from |
I was getting this error 60 with PHP 5.6.20 on 10.11.4 with guzzle 6.2.0, tracked it down to my libcurl (7.48 from homebrew) being compiled with libressl. I recompiled using the default openssl and the problem went away. Seems likely that it's because of this bug. |
although this issue was closed, but I hope my answer can help the later googlers. for example, a common missed Root Certificates is Equifax Secure Certificate Authority. |
check your ~/.gitconfig file then don't forget to add them later case the certificate is one that you are using for something else. |
OSX EL Capitan (10.11.1) I have the same issue:
Tried and didn't work:
|
Updating PHP did the thing |
@a-ast I have the same problem, did you manage to fix it? |
@Guillaumez From which php version to which did you update? |
I'm running Yosemite beta 2, I have PHP-5.6 installed via homebrew compiled against homebrew-curl and homebrew-openssl. Guzzle can't verify SSL certs. For example:
results in a RequestException with error message
cURL error 51: SSL: certificate verification failed (result: 5)
The text was updated successfully, but these errors were encountered: