php-openid-2.0.0rc2 -> curl and wildcard certs

Kevin Turner kevin at janrain.com
Mon Aug 6 14:50:59 PDT 2007


On Mon, 2007-08-06 at 13:32 -0700, Will Norris wrote:
> It took me forever to figure out why I couldn't do delegated  
> authentication using the 2.0.0rc2 PHP library, but I finally found  
> it.  My OpenID is delegated to MyOpenID, using a secure URL:
>     <link rel="openid.server" href="https://www.myopenid.com/server" />
> 
> MyOpenID uses a wildcard SSL certificate (*.myopenid.com) and curl  
> chokes on this...
>    SSL certificate problem, verify that the CA cert is OK. Details:
>      error:14090086:SSL routines:func(144):reason(134)

It may be that this is due to a bug with curl and wildcard certs, but in
the past this sort of problem has come from one of two things:

1) the curl installation is using an old CA list that doesn't have a
current key for the authority that signs https://*.myopenid.com.  This
may be fixed by updating the CA bundle as per the instructions at
http://curl.haxx.se/docs/sslcerts.html and
http://curl.haxx.se/docs/caextract.html

2) the curl installation is linked against gnutls.  gnutls seems to have
problems talking to myopenid.com in situations where openssl does just
fine.  Relinking curl against openssl fixes things.
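
Added example, not part of the original message: a shell check that separates the two causes listed above by reading the TLS library from `curl --version` and retrying with a freshly extracted CA bundle passed via `--cacert`. The function names and result labels are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original thread).

# Name the TLS library from the first line of `curl --version` output.
tls_backend() {
    case "$1" in
        *OpenSSL/*) echo openssl ;;
        *GnuTLS/*)  echo gnutls ;;
        *)          echo unknown ;;
    esac
}

# Decide which cause fits.
#   $1 backend
#   $2 curl exit status using the installed CA list
#   $3 curl exit status using a freshly downloaded bundle (--cacert)
# curl exits 60 when the peer certificate fails CA verification.
classify() {
    if [ "$2" -eq 0 ]; then
        echo ok
    elif [ "$2" -eq 60 ] && [ "$3" -eq 0 ]; then
        echo stale-ca-bundle      # cause 1: update the CA bundle
    elif [ "$3" -ne 0 ] && [ "$1" = gnutls ]; then
        echo gnutls-build         # cause 2: try a curl linked against openssl
    else
        echo other
    fi
}

# Run both probes against a URL. Certificate verification stays on in each.
#   $1 https URL, $2 path to a fresh CA bundle in PEM format
diagnose() {
    backend=$(tls_backend "$(curl --version | head -n 1)")
    with_default=0
    curl -sS -o /dev/null "$1" || with_default=$?
    with_fresh=0
    curl -sS -o /dev/null --cacert "$2" "$1" || with_fresh=$?
    classify "$backend" "$with_default" "$with_fresh"
}

# Only touches the network when called with both arguments.
if [ "$#" -eq 2 ]; then
    diagnose "$1" "$2"
fi
```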
