Developing software in the Real World

SSL certificate verification on PHP 5.6

I recently updated my local OS X Zend Server installation to PHP 5.6 and when I ran composer self-update, I got this error message:

Googling around, I finally worked out that there have been various SSL improvements in PHP 5.6 and that the problem was that it couldn’t find any OpenSSL certificates on my system. This isn’t a total surprise as OS X has been moving away from using OpenSSL internally in favour of its own libraries.

There’s a new PHP function openssl_get_cert_locations that helps with this and so I ran:

on the command line to find out where PHP was looking. On my system, I got this:

There is no directory /usr/local/openssl-0.9.8zb on my system and SSL_CERT_FILE and SSL_CERT_DIR are not defined, so it’s no surprise that PHP was struggling.

To fix it, I install openssl via homebrew:

This installs the openssl certificates to /usr/local/etc/openssl/cert.pem, so we can now use the new PHP 5.6 INI setting openssl.cafile to tell PHP where to find the certificates:

Adding

to Zend Server’s php.ini solved the problem and I can now use composer once again!

7 thoughts on “SSL certificate verification on PHP 5.6

  1. Must say that it works fine here using PHP 5.6 (via MAMP PRO 3.0.7.2) on OS X 10.10.

    Here some console output:

    What happens if you change those paths to the ones I've got?

  2. I also had this issue (XAMPP 5.6.3 on OSX 10.10.1) except I got these directories instead:

    Although the directory was there, the "cert.pem" file didn't exist so I downloaded http://curl.haxx.se/ca/cacert.pem and saved it as "cert.pem" in the directory. Tried "composer install" again and no more ssl issues! :D

Comments are closed.