error loading feed content: cURL error 60: SSL certificate problem: unable to get local issuer certificate #1099

Open
K232 opened this issue Mar 27, 2019 · 7 comments

K232 commented Mar 27, 2019

There are already some older issues regarding this topic, "error loading feed content: cURL error 60: SSL certificate problem: unable to get local issuer certificate", and #505 (comment) was marked as the solution, but unfortunately I'm on shared webhosting and therefore I do not have access to php.ini.

Is there anything I could do right within selfoss?

Member

jtojnar commented Mar 27, 2019

Since we switched to Guzzle in development builds, you can set the verify flag to a certificate file in https://github.com/SSilence/selfoss/blob/66b08f81f4271eb50e9fb62c2e1de1db24f6ee3b/helpers/WebClient.php#L40. We could support changing it in config.

The issue still persists with Twitter spout, which doesn't use Guzzle yet.

Author

K232 commented Mar 28, 2019

Hi @jtojnar, thanks for the fast reply!
I've downloaded the latest development build and updated WebClient.php:

            $httpClient = new GuzzleHttp\Client([
                'headers' => [
                    'User-Agent' => self::getUserAgent(),
                ],
                'handler' => $stack,
                'verify' => '/var/www/vhosts/path/to/my/site/cacert.pem',
            ]);

I'm using cacert.pem from https://curl.haxx.se/docs/caextract.html as linked in the #505 comment above. The error message is: error loading feed content: cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
Did I add it wrong?

Author

K232 commented Mar 28, 2019

Ah, maybe I just have a wrong path? If I set verify = false (for testing only, of course), the error message disappears...

Member

jtojnar commented Mar 28, 2019

You can try \F3::get('BASEDIR') . '/data/ca-bundle.crt' and download the file Guzzle links to https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt. Not sure why cacert.pem does not work.

Edit: hmm, that file is the same as http://curl.haxx.se/ca/cacert.pem

Author

K232 commented Mar 29, 2019

No problem, @jtojnar. The page I tried to add resulted (with verify = false) in the error "is invalid XML, likely due to invalid characters. XML error: Undeclared entity error at line 39, column 55", so it doesn't work anyway, but that's not a selfoss problem.
It would probably be nice to have this setting in the config, so I don't know whether I should close this issue. Feel free to close! And thanks a lot for your support!! 👍

Member

jtojnar commented Mar 29, 2019

Let’s keep this open until we add the config option.

Member

jtojnar commented Mar 29, 2019

Actually, we might want selfoss to obtain the cacert.pem file. But then the issue becomes how do we verify that the download itself was not MITMed.
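
An added example, not part of the thread and not selfoss code: a PHP check to run on a CA bundle before handing its path to Guzzle's verify option, covering both K232's wrong-path doubt and jtojnar's question about trusting a downloaded cacert.pem. The helper name inspectCaBundle() and the comparison against a SHA-256 digest obtained out of band are assumptions; the certificate used as input is constructed by the script itself.

```php
<?php
// Added example, not selfoss code; inspectCaBundle() is a hypothetical helper.
// $expectedSha256 is assumed to be a digest obtained out of band (optional).
// Returns a list of problems; an empty list means the bundle looks usable.
function inspectCaBundle(string $path, ?string $expectedSha256 = null): array
{
    // is_file() also fails when open_basedir (common on shared hosting) excludes the path.
    if (!is_file($path) || !is_readable($path)) {
        return ["not readable: $path"];
    }
    $pem = file_get_contents($path);
    $problems = [];
    if ($expectedSha256 !== null
        && !hash_equals(strtolower($expectedSha256), hash('sha256', $pem))) {
        $problems[] = 'SHA-256 does not match the expected digest';
    }
    preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s', $pem, $m);
    if ($m[0] === []) {
        $problems[] = 'no PEM certificates found';
    }
    foreach ($m[0] as $i => $block) {
        $info = openssl_x509_parse($block);
        if ($info === false) {
            $problems[] = "certificate #$i does not parse";
        } elseif ($info['validTo_time_t'] < time()) {
            $problems[] = 'expired: ' . ($info['subject']['CN'] ?? "certificate #$i");
        }
    }
    return $problems;
}

// Constructed sample input: a throwaway self-signed certificate stands in for a real bundle.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$csr = openssl_csr_new(['commonName' => 'Constructed Test CA'], $key, ['digest_alg' => 'sha256']);
openssl_x509_export(openssl_csr_sign($csr, null, $key, 30, ['digest_alg' => 'sha256']), $pem);
$bundle = tempnam(sys_get_temp_dir(), 'ca');
file_put_contents($bundle, $pem);

var_dump(inspectCaBundle($bundle, hash('sha256', $pem)));  // matching digest
var_dump(inspectCaBundle($bundle, str_repeat('0', 64)));   // wrong digest
var_dump(inspectCaBundle($bundle . '.missing'));           // path that does not exist
unlink($bundle);
```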
