CURL error 60 when connecting to Google on windows

[pixelastic]

When trying to connect to the google provider (ParanoidHttpFetcher::get with $url = https://www.google.com/accounts/o8/.well-known/host-meta?hd=www.google.com) I got the following error :

CURL error (60): SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I'm on Windows and it appears that my php/curl install does not have the corresponding certificate built in.

If I manually set the CURLOPT_CAINFO to the path of the OpenID/ca-bundle.crt file, then it solves the problem.

So I added right after $c = curl_init() on line 92 the following line :
curl_setopt($c, CURLOPT_CAINFO, str_replace('', '/', dirname(FILE)).'/../OpenID/ca-bundle.crt');

[pixelastic]

I'm sorry, I just downloaded the latest version and found that there isn't any ca-bundle.crt file in there.
I don't really know where this file comes from, and so my solution does not seems so clear now.

Sorry about that noise, I'm still investigating.

[ccazette]

I had this problem with a MAMP installation. You'll found out that your curl library does not link to a ca-bundle.crt.
http://dev.soup.io/post/56438473/If-youre-using-MAMP-and-doing-something
Even if not using MAMP - you're on windows - that could be the case though in a bundled LAMP stack (easyPHP). On my production environment, curl is configured correctly and everything works.
You can either fix your Curl installation to include a certificate bundle - as shown in the link above - or as a last resort deactivate CURL_SSL_VERIFYPEER in your development environment.

[pixelastic]

You're right, I'm using easyPHP. I have no idea how to configure it to use the ca-bundle I need however.

Note sure if the above commands would work on a Windows environment, and as I'm not expert in this domain I'll keep you informed if I managed to get it working