Comments (19)
We had a similar issue on debian
cURL error (77): error setting certificate verify locations:
CAfile: /usr/lib/ssl/certs
CApath: /etc/ssl/certs
And I can confirm, that v1.2.3 fixed it for us.
Thank you all! :)
from ca-bundle.
We are facing the same problem after upgrading to version 1.2.0:
{"0":"Warning: is_file(): open_basedir restriction in effect. File(/etc/pki/tls/cert.pem) is not within the allowed path(s): (/data/var/www/vhosts/***/) in /data/var/www/vhosts/***/vendor/composer/ca-bundle/src/CaBundle.php on line 309","1":"<pre>#1 is_file() called at [vendor/composer/ca-bundle/src/CaBundle.php:309]
Downgrading to version 1.1.4 everything is back to work.
A temporary fix, instead of downgrading, is to add:
"config" {
"disable-tls": true,
}
to the composer.json of the project.
from ca-bundle.
Same here: open_basedir restriction in effect. File(/usr/lib/ssl/certs) is not within the allowed path(s)
from ca-bundle.
I will get a pr up for this tomorrow
from ca-bundle.
In fact or is up now #45
from ca-bundle.
Fixed by #45 - I'll tag 1.2.1 in a minute
from ca-bundle.
I'm still experiencing certificate related issues (through cURL) on both 1.2.0 and 1.2.1, which are resolved by downgrading back to 1.1.4.
cURL error (77): error setting certificate verify locations:
CAfile: /usr/lib/ssl/certs
CApath: /etc/ssl/certs
from ca-bundle.
Do both of them exist ? What does cat /usr/lib/ssl/certs show ?
from ca-bundle.
I'm also running ca-bundle 1.2.1 on Ubuntu 16.04 and am experiencing the same cURL error(77)
from ca-bundle.
@dwightwatson @lfjeff please try again with 1.2.2 to see if it helps..
from ca-bundle.
I've tried again on 1.2.2 but I still appear to have the same issue.
from ca-bundle.
In that case do we remove the openssl default location ? My system defaults to that rather than the paths hard coded ?
Either that or move the openssl location to be below the hard coded paths but before the final fall back of the bundle ?
from ca-bundle.
It looks like the default dir is being used, and the default file is not being overwritten. Previously the default file would have been set.
For some reason the file suggested by openssl_get_cert_locations doesnt actually exist (even on my OS this doesnt exist, the default before hand is used and works kinda by accident.
I think the openssl_get_cert_locations command needs to be removed if it cant be trusted to give a correct path to file ? I have opened a PR if everyone agress to ignore its input and just look it up the classic way
from ca-bundle.
openssl/openssl#4708 could be related.
from ca-bundle.
Same error with 1.2.2 on Ubuntu 16.04
cURL error (77): error setting certificate verify locations:
CAfile: /usr/lib/ssl/certs
CApath: /etc/ssl/certs
Downgrading to 1.1.4 helped me
from ca-bundle.
Can you confirm this file doesn't exist
ls -l /usr/lib/ssl/certs
Thanks
from ca-bundle.
user@server:~/$ ls -l /usr/lib/ssl/certs
lrwxrwxrwx 1 root root 14 May 19 2017 /usr/lib/ssl/certs -> /etc/ssl/certs
from ca-bundle.
Yeah same thing :( Ok looks like that confirms the info from openssl_get_cert_locations
can't be trusted to give a correct path.
So #48 removes it. The CA Dir works fine, but capath needs to be set to a valid PEM cert for it to fall back to using the cadir from testing it.
Can test from command line like so
strace -f curl -vvv --cacert /tmp/certs/DigiCert_Global_Root_CA.pem --capath /tmp/certs https://google.com/ 2>&1 | grep open
Googles root CA is global sign, which is picked up correctly from the --capath
, to make it to there though cacert
needs to be a correct file.
/tmp/certs here is a directory zipped and sent to me from someone having this issue. The certs are fine in there
from ca-bundle.
v1.2.3 is out with the latest fix which removes openssl_get_cert_locations() completely.. hopefully back to normal for everyone.
from ca-bundle.
Related Issues (15)
- Copying bundle outside of Phar HOT 11
- Homebrew OS X certificates are not loaded. HOT 4
- Consider using openssl_get_cert_locations HOT 2
- Certificate of maps.googleapis.com not trusted when fallback to Mozilla CA bundle is used HOT 10
- Automatic updating of cacert.pem? HOT 3
- "Portable" `openssl.cafile` location fails to be detected properly on Windows HOT 1
- Missing Changelog HOT 1
- CA bundle of OpenSSL on Mac OS X not included in CA bundle paths
- Ca-bundle missed new versions of Homebrew OSx HOT 3
- class CaBundle does not extends from class Bundle -> BundleInterface HOT 6
- Attempted to call an undefined method named "getName" of class "Composer\CaBundle\CaBundle" HOT 4
- Error on composer require HOT 4
- Logs for unreadable/non-existent certificates HOT 3
- open_basedir restriction not handled HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ca-bundle.