Welcome! Log In Create A New Profile

Advanced

Re: PHP 7.2.9 error => fopen(): SSL operation failed with code 1.

Posted by John 
Sorry, I forgot to copy the list on this reply.
-------- Forwarded Message --------
Date: Wed, 12 Sep 2018 23:05:10 -0400Subject: Re: PHP 7.2.9 error => fopen():
SSL operation failed with code 1.To: Nguyễn Hoàng Lân <[email protected]
l.com>Reply-to: john.iliffe@iliffe.caFrom: John <[email protected]>
> Thanks for the prompt reply!
> I checked and there is NO cert.pem file anywhere in the openssl 1.1.0i file
> structure. In fact the path that you suggest {prefix}/ssl/certs is not
> present in openssl 1.1.0i.
> I also have openssl 1.0.2k running and that DOES have the cert.pem file on
> this path.
> Can I just copy that file from the previous openssl?
> John==========================================
>
> On Thu, 2018-09-13 at 09:57 +0700, Nguyễn Hoàng Lân wrote:
> > Can you check if you have cert.pem under your openssl path (something like
> > /built/openssl/ssl/cert.pem)? Check if your php.ini is using a custom path
> > e.g openssl.cafile or openssl.capath also
> >
> > Vào Th 5, 13 thg 9, 2018 vào lúc 09:44 John <[email protected]> đã
> > viết:
> > > PHP 7.2.9 with openssl 1.1.0i on php-fpm
> > >
> > >
> > >
> > > I just updated to PHP 7.2.9 from PHP 5.6.30 and I have resolved many of
> > > the
> > >
> > > problems but this one's got me. The full error message is:
> > >
> > >
> > >
> > > --------------
> > >
> > > PHP Warning: fopen(): SSL operation failed with code 1. OpenSSL Error
> > >
> > > messages:\nerror:1416F086:SSL
> > >
> > > routines:tls_process_server_certificate:certificate verify failed in
> > >
> > > /httpd/xxxx.php on line 9999
> > >
> > > ---------------
> > >
> > >
> > >
> > > and a number of derived errors following. I reverted to 5.6.30 and this
> > > open()
> > >
> > > works properly so it is related to PHP 7 somehow.
> > >
> > >
> > >
> > > Googling turned up many possible answers but none of them seem to work on
> > > my PHP
> > >
> > > here. The most common answer is to put this in the script ahead of the
> > > open:
> > >
> > >
> > >
> > > stream_context_set_default( [
> > >
> > > 'ssl' => [
> > >
> > > 'verify_peer' => false,
> > >
> > > 'verify_peer_name' => false,
> > >
> > > ],
> > >
> > > ]);
> > >
> > >
> > >
> > > Other than being a huge security hole, it doesn't work. The location I am
> > >
> > > trying to open has a valid certificate and the signing CA is Verisign so
> > > it is
> > >
> > > unlikely that openssl doesn't have the current CA certificate available.
> > >
> > >
> > >
> > > How would I proceed to debug this?
> > >
> > >
> > >
> > > Any ideas would be very much appreciated.
> > >
> > >
> > >
> > > John
> > >
> > > ==============================================
> > >
> > >
> > >
Sorry, only registered users may post in this forum.

Click here to login