PHP, Windows and SSL
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Fri Feb 8 06:51:19 PST 2008
Most likely you need to update the ca-bundle according to
http://curl.haxx.se/docs/sslcerts.html
On Windows curl will search for a CA cert file named
"curl-ca-bundle.crt" in these directories and in this order:
1. application's directory
2. current working directory
3. Windows System directory (e.g. C:\windows\system32)
4. Windows Directory (e.g. C:\windows)
5. all directories along %PATH%
Replace it with the one from http://curl.haxx.se/ca/cacert.pem
I suggest to all OpenID consumers and providers to update the ca-bundle
of cURL and libcurl since the version shipped with cURL is from the year
2000!! extracted from Netscape 4.7
Julian Bond wrote:
> I've spent the morning converting my OpenID-Consumer 1.0 code to 2.0.
> I've been hitting problems with providers that use SSL. I've now got to
> the point where authenticating against my myopenid.com ID is working. I
> then switched to the https:// version at myopenid and started getting
> errors. After a bit of digging, I ended up patching temporarily
> ParanoidHTTPFetcher.php to include the line
>
> curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
>
> around line 100
>
> This lets me get to the point where the provider approval page is shown.
> This seems to be a problem with php, curl, openssl and the local CA Cert
> bundle on Windows that I haven't fully sorted yet.
>
> However, after returning, I get the error message
> OpenID authentication failed: Server denied check_authentication
> >From $response->message even though doing the exact same thing to the
> http:// version of the Provider works fine. Any ideas on how to debug
> this?
>
> Windows XP
> Apache 2.2
> PHP 5.2.5
> php-openid-2.0.0
>
>
--
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080208/0c98b2f7/attachment-0001.htm
More information about the Dev
mailing list