php-openid-2.0.0rc2 -> curl and wildcard certs
Will Norris
will at willnorris.com
Mon Aug 6 13:32:47 PDT 2007
It took me forever to figure out why I couldn't do delegated
authentication using the 2.0.0rc2 PHP library, but I finally found
it. My OpenID is delegated to MyOpenID, using a secure URL:
<link rel="openid.server" href="https://www.myopenid.com/server" />
MyOpenID uses a wildcard SSL certificate (*.myopenid.com) and curl
chokes on this...
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:func(144):reason(134)
So there are a few ways around this:
- the easiest is that I change my delegation info to use the
standard http URL. That works, but I lose the security (not really
necessary in this use-case, but may be in others)
- MyOpenID could use a standard, non-wildcard certificate. This
isn't really ideal because the certificate actually is entirely valid
and shouldn't have to be changed.
- have curl accept the certificate. I was able to do this with
`curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);` but that is very
insecure since it turns off CN checking completely. Is there a way
to have curl accept the wildcard certs? I know this may be a better
question for the curl or PHP lists, but if it's not possible I'm
curious to know the recommended course of action.
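
One way to keep verification on rather than setting CURLOPT_SSL_VERIFYPEER to false, as an added example that is not part of the original post or of php-openid: it gives curl an explicit CA bundle and leaves both the chain check (CURLOPT_SSL_VERIFYPEER) and the host-name check (CURLOPT_SSL_VERIFYHOST) enabled. The bundle path, the `fetch_verified` helper and the command-line usage are assumptions.

```php
<?php
// Added example, not php-openid code. CA_BUNDLE is an assumed path:
// it differs per OS, so point it at a CA bundle you maintain.
const CA_BUNDLE = '/etc/ssl/certs/ca-certificates.crt';

/**
 * Fetch an https URL with certificate verification enforced.
 * Returns ['ok' => bool, 'errno' => int, 'error' => string, 'body' => ?string].
 */
function fetch_verified(string $url, string $caBundle = CA_BUNDLE): array
{
    // Fail loudly on a missing bundle instead of falling back to "no verification".
    if (!is_readable($caBundle)) {
        throw new RuntimeException("CA bundle not readable: $caBundle");
    }

    $c = curl_init($url);
    curl_setopt_array($c, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // refuse plain http
        CURLOPT_SSL_VERIFYPEER => true,            // chain must lead to a CA in the bundle
        CURLOPT_SSL_VERIFYHOST => 2,               // certificate name must match the URL host
        CURLOPT_CAINFO         => $caBundle,
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 30,
    ]);

    $body = curl_exec($c);

    return [
        'ok'    => $body !== false,
        'errno' => curl_errno($c),   // curl error number, 0 on success
        'error' => curl_error($c),   // the message curl reports on failure
        'body'  => $body === false ? null : $body,
    ];
}

// Usage: php fetch_verified.php https://host.example/path
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    $r = fetch_verified($argv[1]);
    if ($r['ok']) {
        echo "verified, ", strlen($r['body']), " bytes received\n";
    } else {
        // Log the failure and stop; do not retry with verification disabled.
        fwrite(STDERR, "TLS/transfer failure {$r['errno']}: {$r['error']}\n");
        exit(1);
    }
}
```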