PHP, Windows and SSL

Julian Bond julian_bond at voidstar.com
Fri Feb 8 07:53:51 PST 2008 

That was the first part of the problem. The second part is that I now 
seem to be returning from the OpenID correctly, but the OpenID library 
always returns Auth_OpenID_FAILURE although going to the exact same 
provider but on http works correctly and returns Auth_OpenID_SUCCESS

JB

"Eddy Nigg (StartCom Ltd.)" <eddy_nigg at startcom.org> Fri, 8 Feb 2008 
16:51:19
>Most likely you need to update the ca-bundle according to 
>http://curl.haxx.se/docs/sslcerts.html
>On Windows curl will search for a CA cert file named 
>"curl-ca-bundle.crt" in these directories and in this order:
>
>1. application's directory
>2. current working directory
>3. Windows System directory (e.g. C:\windows\system32)
>4. Windows Directory (e.g. C:\windows)
>5. all directories along %PATH%
>
>Replace it with the one from http://curl.haxx.se/ca/cacert.pem
>
>I suggest to all OpenID consumers and providers to update the ca-bundle 
>of cURL and libcurl since the version shipped with cURL is from the 
>year 2000!! extracted from Netscape 4.7
>
>Julian Bond wrote:
>> I've spent the morning converting my OpenID-Consumer 1.0 code to 2.0.
>> I've been hitting problems with providers that use SSL. I've now got to
>> the point where authenticating against my myopenid.com ID is working. I
>> then switched to the https://  version at myopenid and started getting
>> errors. After a bit of digging, I ended up patching temporarily
>> ParanoidHTTPFetcher.php to include the line
>>
>>  curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
>>
>> around line 100
>>
>> This lets me get to the point where the provider approval page is shown.
>> This seems to be a problem with php, curl, openssl and the local CA Cert
>> bundle on Windows that I haven't fully sorted yet.
>>
>> However, after returning, I get the error message
>>  OpenID authentication failed: Server denied check_authentication
>> >From $response->message even though doing the exact same thing to the
>> http:// version of the Provider works fine. Any ideas on how to debug
>> this?
>>
>> Windows XP
>> Apache 2.2
>> PHP 5.2.5
>> php-openid-2.0.0
>>
>>
>
>--
>Regards Signer:        Eddy Nigg, StartCom Ltd. 
><http://www.startcom.org>
>Jabber:        startcom at startcom.org <xmpp:startcom at startcom.org>
>Blog:          Join the Revolution! <http://blog.startcom.org>
>Phone:         +1.213.341.0390
>
>_______________________________________________
>Dev mailing list
>Dev at lists.openidenabled.com
>http://lists.openidenabled.com/mailman/listinfo/dev

-- 
Julian Bond  E&MSN: julian_bond at voidstar.com  M: +44 (0)77 5907 2173
Webmaster:          http://www.ecademy.com/      T: +44 (0)192 0412 433
Personal WebLog:    http://www.voidstar.com/     skype:julian.bond?chat
                       Certain Limitations Apply

More information about the Dev mailing list