Use composer/ca-bundle for certificates checks

[tucksaun]

Should fix #75

[jenkoian]

This doesn't seem to have fixed the issue on travis for me (re. #75) see https://travis-ci.org/jenkoian/flysystem-gaufrette/builds/217122781

[graemechapman]

@tucksaun I have just tried running your branch through Travis CI, unfortunately this hasn't resolved the issue. Still receiving
An error occurred: gnutls_handshake() failed: A TLS fatal alert has been received..

[tucksaun]

This should fix the An error occurred: SSL: certificate verification failed (result: 5)., I'll have a look for the other one.

[gabeguz]

Hmm... strangely, this fixes the issue on my local dev environment, but not on circleci:

$ cd vendor/sensio-labs/security-checker
$ curl https://github.com/sensiolabs/security-checker/pull/77.patch > 77.patch
$ patch -p1 < 77.patch
$ composer install
$ ./security-checker security:check ./composer.lock

  An error occurred: gnutls_handshake() failed: A TLS fatal alert has been received..

[tucksaun]

@jenkoian thanks for your build link, it helped me to reproduce it and iterate on it :)

So we actually hit two issues here: one is because some distributions can have an empty CA bundle and thus can not check the certificate, this PR is fixing this case.

The other one is that PHP build by Travis can not negotiate TLS handshake (see travis-ci/travis-ci#6339). And we can't do anything from here. I tried several SSL version settings and nothing worked.
As we are hand tied here, we came up with another solution with @fabpot: we now allow HTTP traffic on http://security.sensiolabs.org/check_lock only, so you can use security-checker security:check --end-point=http://security.sensiolabs.org/check_lock.

Travis-CI or circle-ci now needs to update their builds.

[fabpot]

Thank you @tucksaun.

[graemechapman]

Many thanks @tucksaun, this is working now in my Travis builds by using the http end-point.

[gabeguz]

Reported this issue to circleci as well.