hanj
Veteran
Joined: 19 Aug 2003
Posts: 1500
|
 Posted: Thu Jun 04, 2015 9:38 pm Post subject: Issues with PHP-5.6 and SSL cert verification [SOLVED] |
 |
|
I'm running into a problem with the SSL cert verification changes on PHP-5.6. I came across this post on the subject:
http://akrabat.com/ssl-certificate-verification-on-php-5-6/
Using print_r(openssl_get_cert_locations()); to output cert it's trying to verify against, I get the following output:
| Code: | Array
(
[default_cert_file] => /etc/ssl/cert.pem
[default_cert_file_env] => SSL_CERT_FILE
[default_cert_dir] => /etc/ssl/certs
[default_cert_dir_env] => SSL_CERT_DIR
[default_private_dir] => /etc/ssl/private
[default_default_cert_area] => /etc/ssl
[ini_cafile] =>
[ini_capath] =>
) |
In their example, their default_cert_file was [default_cert_file] => /usr/local/openssl-0.9.8zb/ssl/cert.pem, while mine is /etc/ssl/cert.pem. All they did was install openssl, and set the value in their php.ini
The problem here, is that cert.pem doesn't exist on my system after re-emerging openssl and ca-certificates.
Here are my pertinent versions:
| Code: | [ebuild R ] dev-libs/openssl-1.0.1m::gentoo USE="tls-heartbeat zlib -bindist -gmp -kerberos -rfc3779 -static-libs {-test} -vanilla" ABI_X86="(64) -32 (-x32)" CPU_FLAGS_X86="(sse2)" 0 KiB
[ebuild R ] app-misc/ca-certificates-20140927.3.17.2::gentoo USE="cacert" 0 KiB |
The problem I'm running into is peer verification issues (I think). I can change the code, and things are happy, but I would rather get things working server side. This is a non-issue with 5.5, and only related to the openssl changes for 5.6.
Thanks in advance!
hanji
_________________
Server Admin Blog - Uno-Code.com
Last edited by hanj on Thu Jun 04, 2015 10:57 pm; edited 1 time in total |
|
Networking & Security
