View Issue Details

WikiRelated ChangesetsJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0010015mantisbtauth openidpublic2009-01-04 10:272009-01-15 11:25
ReporterNT Assigned Tovboctor  
PrioritynormalSeveritycrashReproducibilitysometimes
Status closedResolutionfixed 
OSwindows 
Product Versiongit trunk 
Fixed in Version1.2.0a3 
Summary0010015: OpenId integration fails on Windows.
Description

On Windows I get the following error when I try to sign in using OpenId.

Error performing HTTP request: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

This is caused by the certification authority (Equifax) not being in the bundle used by php on windows.

This can be cured by getting a cacert bunble containing this authority on your windows server and adding a line similar to:-

    curl_setopt($curl, CURLOPT_CAINFO, 'pathto/cacert.pem'); // Set the location of the CA-bundle

in MantisOpenId.class.php.

This should be added as a configuration option.

Tagspatch
Attached Files
0002-OpenId-specify-ca-certificate-bundle.patch (1,377 bytes)    
From a35fcf4b4ec8aafe8dec16d0549a43d1c36403a5 Mon Sep 17 00:00:00 2001
From: Nick Tucker <nkjtkr+mantis@googlemail.com>
Date: Sun, 4 Jan 2009 20:59:31 +0000
Subject: [PATCH] OpenId - specify ca certificate bundle


diff --git a/config_defaults_inc.php b/config_defaults_inc.php
index 7e1ea86..2580fb8 100644
--- a/config_defaults_inc.php
+++ b/config_defaults_inc.php
@@ -3429,3 +3429,11 @@
 	 * The name of the site that is registered with rpxnow.
 	 */
 	$g_openid_site_name = '';
+
+	/**
+	 * SSL CA Certificate Bundle.
+	 * If you get "Error performing HTTP request: SSL certificate problem, verify that the CA cert is OK.",
+	 * see http://curl.haxx.se/docs/caextract.html to create a recent certificate file.
+	 *
+	 */
+	$g_openid_ca_bundle = '';
diff --git a/core/classes/MantisOpenId.class.php b/core/classes/MantisOpenId.class.php
index dd1db5c..596ba43 100644
--- a/core/classes/MantisOpenId.class.php
+++ b/core/classes/MantisOpenId.class.php
@@ -246,6 +246,10 @@ class RPX {
         curl_setopt($curl, CURLOPT_WRITEFUNCTION,
                     array(&$this, "_writeResponseData"));
 
+        $ca = config_get( 'openid_ca_bundle' );
+        if ($ca != '') {
+            curl_setopt($curl, CURLOPT_CAINFO, $ca); // Set the location of the CA-bundle
+        }
         curl_exec($curl);
 
         $code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
-- 
1.5.6.4
0002-OpenId-specify-ca-certificate-bundle.patch (1,377 bytes)   

Activities

vboctor

vboctor

2009-01-04 23:57

manager   ~0020534

Thanks NT for the patch. I've committed your patch + some internal documentation + manual updates.

Related Changesets

MantisBT: master 94f966d2

2009-01-04 23:54

vboctor


Details Diff		 Fixes 0010015: OpenId integration fails on Windows. Affected Issues
0010015
mod - core/classes/MantisOpenId.class.php Diff File
mod - config_defaults_inc.php Diff File
mod - docbook/adminguide/en/authentication.sgml Diff File
mod - docbook/adminguide/en/configuration.sgml Diff File

MantisBT: master e06e394e

2009-01-04 23:54

vboctor


Details Diff		 Fixes 0010015: OpenId integration fails on Windows. Affected Issues
0010015
mod - core/classes/MantisOpenId.class.php Diff File
mod - docbook/adminguide/en/authentication.sgml Diff File
mod - config_defaults_inc.php Diff File
mod - docbook/adminguide/en/configuration.sgml Diff File