cURL error 60: SSL certificate problem: self signed certificate in certificate chain

[elr0berto]

I downloaded the test-keys from https://www.getswish.se/content/uploads/2015/06/Guide_Testverktyg_160118.zip

I extracted them from the p12 using extract.sh ..
Result was ca.crt and cl.pem.

My code looks like this:

<?php 
require_once(__DIR__.'/vendor/swish-php/vendor/autoload.php');


use HelmutSchneider\Swish\Client;
use HelmutSchneider\Swish\Util;

// Swish CA root cert
$rootCert = __DIR__.'/../swish/cert_test/ca.crt'; // forwarded to guzzle's "verify" option

// .pem-bundle containing your client cert and it's corresponding private key. forwarded to guzzle's "cert" option
$clientCert = [__DIR__.'/../swish/cert_test/cl.pem', 'swish'];

$client = Client::make($rootCert, $clientCert);

$response = $client->createPaymentRequest([
                                              'callbackUrl' => 'https://localhost/swish',
                                              'payeePaymentReference' => '12345',
                                              'payerAlias' => '4671234768',
                                              'payeeAlias' => '1231181189',
                                              'amount' => '100',
                                              'currency' => 'SEK',
                                          ]);

$data = Util::decodeResponse($response);
var_dump($data);

This throws the following exception:

PHP Fatal error: Uncaught GuzzleHttp\Exception\RequestException: cURL error 60: SSL certificate problem: self signed certificate in certificate chain (see http://curl.haxx.se/libcurl/c/libcurl-errors.html) in /home/robert/work/tomtebrevet/tomtebrevet.se/vendor/swish-php/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php:187
Stack trace:

0 /home/robert/work/tomtebrevet/tomtebrevet.se/vendor/swish-php/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php(150): GuzzleHttp\Handler\CurlFactory::createRejection(Object(GuzzleHttp\Handler\EasyHandle), Array)

1 /home/robert/work/tomtebrevet/tomtebrevet.se/vendor/swish-php/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php(103): GuzzleHttp\Handler\CurlFactory::finishError(Object(GuzzleHttp\Handler\CurlHandler), Object(GuzzleHttp\Handler\EasyHandle), Object(GuzzleHttp\Handler\CurlFactory))

2 /home/robert/work/tomtebrevet/tomtebrevet.se/vendor/swish-php/vendor/guzzlehttp/guzzle/src/Handler/CurlHandler.php(43): GuzzleHttp\Handler\CurlFactory::finish(Object(GuzzleHttp\Handler\CurlHan in /home/robert/work/tomtebrevet/tomtebrevet.se/vendor/swish-php/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php on line 187

[helmutschneider]

Swish Handel has been down since late may for technical reasons, see https://www.getswish.se/content/uploads/2014/05/Kommunik%C3%A9_Driftstopp_Handel.pdf and https://www.getswish.se/operational-information/. Some information might only be available in Swedish unfortunately.

I can look into your problem when the service is up & running again.

[helmutschneider]

I just tested this on php 7.1.1 on OSX and 5.5.37 on windows, both worked fine. Curl is compiled against openssl on both systems. Can you provide some more configuration details?

Also, try running the tests. Put ca.crt and cl.pem in tests/_data/ and execute

vendor/bin/codecept run --verbose --debug

from the terminal.

[AntonKL]

Getting same error using this docker image https://hub.docker.com/r/nimmis/apache-php5/.

I've noticed problems using just curl in Ubuntu 16 towards Bankgirocentralen. Worked in ubuntu 14 with other version of libcurl with a POST (got a 201 back from API). This docker image is however ubuntu 14 so local libcurl is probably not the problem here. Can you confirm this problem using same image?

I can confirm it works with curl in this image, but not with swish-php lib.

curl

POST /swish-cpcapi/api/v1/paymentrequests HTTP/1.1
> User-Agent: curl/7.35.0
> Host: mss.swicpc.bankgirot.se
> Accept: */*
> Content-Type: application/json
> Content-Length: 241
> 
* upload completely sent off: 241 out of 241 bytes
< HTTP/1.1 201 Created

Trace using swish-php lib

Fatal error: Uncaught exception 'GuzzleHttp\Exception\RequestException' with message 'cURL error 60: SSL certificate problem: self signed certificate in certificate chain (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)' in /var/www/html/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php:187 Stack trace: #0 /var/www/html/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php(150): GuzzleHttp\Handler\CurlFactory::createRejection(Object(GuzzleHttp\Handler\EasyHandle), Array) #1 /var/www/html/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php(103): GuzzleHttp\Handler\CurlFactory::finishError(Object(GuzzleHttp\Handler\CurlHandler), Object(GuzzleHttp\Handler\EasyHandle), Object(GuzzleHttp\Handler\CurlFactory)) #2 /var/www/html/vendor/guzzlehttp/guzzle/src/Handler/CurlHandler.php(43): GuzzleHttp\Handler\CurlFactory::finish(Object(GuzzleHttp\Handler\CurlHandler), Object(GuzzleHttp\Handler\EasyHandle), Object(GuzzleHttp\Handler\CurlFactory)) #3 /var/www/html/vendor/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php(72): Guz in /var/www/html/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php on line 187

[AntonKL]

@helmutschneider , do you have any idea on my last post? Can you confirm this issue?

[elr0berto]

@helmutschneider My problem (self signed error) was solved by using the test url:

$client = Client::make($rootCert, $clientCert, Client::SWISH_TEST_URL); // SWISH_TEST_URL was missing in my code before.