Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 2.6.0

Bug #18480 Certificate error when connecting to https://accounts.google.com
Submitted: 2011-04-26 14:41 UTC
From: ikke Assigned:
Status: Bogus Package: HTTP_Request2 (version 2.0.0beta3)
PHP Version: 5.3.1 OS: Ubuntu 10.04
Roadmaps: (Not assigned)    
Subscription  
Comments Add Comment Add patch


Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem : 43 + 5 = ?

 
 [2011-04-26 14:41 UTC] ikke (Kevin Anon)
Description: ------------ This bug is related to http://pear.php.net/bugs/bug.php?id=18331 When I try to connect to the google server, I first get an unknown error. I then removed the @ sign in the Socket Adapter, I get the following error message: Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in /usr/share/php/HTTP/Request2/Adapter/Socket.php on line 322 Using the CURL adapter or disabling verify_peer makes it work. Test script: --------------- $request = new HTTP_Request2(GOOGLE_TOKEN_URL, HTTP_Request2::METHOD_POST); $request->setHeader('Content-Type', "application/x-www-form-urlencoded"); //$request->setConfig('ssl_verify_peer', false); $request->addPostParameter('code', $authorization_code); $request->addPostParameter('client_id', GOS_CLIENT_ID); $request->addPostParameter('client_secret', GOS_CLIENT_SECRET); $request->addPostParameter('redirect_uri', GOS_REDIRECT_URL); $request->addPostParameter('grant_type', "authorization_code"); $response = $request->send(); Expected result: ---------------- I would expect this to work without disbaling ssl_verify_peer, because I don't think google uses self- signed certificates.

Comments

 [2011-04-26 15:02 UTC] avb (Alexey Borzov)
-Status: Open +Status: Bogus
HTTP_Request2 does not validate certificates, OpenSSL does. To do it properly it needs certificate authority files, location of these can be given via ssl_capath / ssl_cafile configuration options. Curl itself has some sane defaults for these so works out of the box.
 [2011-04-26 15:24 UTC] ikke (Kevin Anon)
Isn't it better to add some sane defaults to HTTP_Request2 too?
 [2011-04-26 15:27 UTC] avb (Alexey Borzov)
Sane defaults should be added to OpenSSL library / PHP OpenSSL extension. You can definitely bring that idea to Ubuntu maintainers.