Composer Require 'package' throws OpenSSL error
Asked Answered
H

3

4

This problem seems to be common, and i've been through a lot of SO posts related to it and nothing works, and i'm going crazy. Whats weird is that it was working perfectly few weeks ago, and i didnt install anything new since months...

Setup :

  • PHP 7.1.9
  • WAMPSERVER 3.1.0
  • APACHE 2.4.27
  • Composer 1.6.5 (latest)
  • I'm not behind a proxy & no firewall
  • Windows 10

What Works :

  • composer self-update

What does not work :

  • Installing a package

  • I cannot reach https://packagist.org/ with firefox 61.0.1 (64bits) (unsecure connection : MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT)

The error i get with composer require :

[Composer\Downloader\TransportException]
The "https://packagist.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed          

php -r "var_dump(openssl_get_cert_locations());" Returns this :

array(8) {
  ["default_cert_file"]=>
  string(25) "c:/usr/local/ssl/cert.pem"
  ["default_cert_file_env"]=>
  string(13) "SSL_CERT_FILE"
  ["default_cert_dir"]=>
  string(22) "c:/usr/local/ssl/certs"
  ["default_cert_dir_env"]=>
  string(12) "SSL_CERT_DIR"
  ["default_private_dir"]=>
  string(24) "c:/usr/local/ssl/private"
  ["default_default_cert_area"]=>
  string(16) "c:/usr/local/ssl"
  ["ini_cafile"]=>
  string(51) "C:/wamp64/bin/php/php7.1.9/extras/ssl/ca-bundle.crt"
  ["ini_capath"]=>
  string(0) ""
}

I've downloaded the ca-bundle.crt and added it to my php.ini file :

curl.cainfo=C:/wamp64/bin/php/php7.1.9/extras/ssl/ca-bundle.crt    
openssl.cafile=C:/wamp64/bin/php/php7.1.9/extras/ssl/ca-bundle.crt

Composer diagnose returns this :

Checking composer.json: OK
Checking platform settings: OK
Checking git settings: OK
Checking http connectivity to packagist: WARNING
[Composer\Downloader\TransportException] The "http://packagist.org/packages.json" file could not be downloaded (HTTP/1.1 404 Not Found)
Checking https connectivity to packagist: WARNING
[Composer\Downloader\TransportException] The "https://packagist.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed
Checking github.com rate limit: OK
Checking disk free space: OK
Checking pubkeys: OK
Checking composer version: OK
Composer version: 1.6.5
PHP version: 7.1.9
PHP binary path: C:\wamp64\bin\php\php7.1.9\php.exe

composer show -p -vvv | grep ssl returns this :

Reading ./composer.json
Loading config file ./composer.json
Checked CA file C:\wamp64\bin\php\php7.1.9\extras\ssl\ca-bundle.crt: valid
Executing command (C:\wamp64\www\projectName): git branch --no-color --no-abbrev -v
Failed to initialize global composer: Composer could not find the config file: C:/Users/********/AppData/Roaming/Composer/composer.json
To initialize a project, please create a composer.json file as described in the https://getcomposer.org/ "Getting Started" section
Reading C:\wamp64\www\projectName/vendor/composer/installed.json
Loading plugin PackageVersions\Installer
Loading plugin Symfony\Flex\Flex
Composer >=1.7 not found, downloads will happen in sequence
Running 1.6.5 (2018-05-04 11:44:59) with PHP 7.1.9 on Windows NT / 10.0
ext-openssl         7.1.9    The openssl PHP extension
lib-openssl         1.0.2.11 OpenSSL 1.0.2k  26 Jan 2017

php --ini :

Configuration File (php.ini) Path: C:\WINDOWS
Loaded Configuration File:         C:\wamp64\bin\php\php7.1.9\php.ini
Scan for additional .ini files in: (none)
Additional .ini files parsed:      (none)

EDIT 1
- Tried emptying cache
- Other web browser (chrome, edge) and it didnt work
- Another computer on same network --> it works

EDIT 2
- Created a new windows user, didnt work

EDIT 3
- I can reach https://repo.packagist.org/ as suggested by @kallosz
- Curl gives me this :

curl -vvv https://packagist.org/
*   Trying 144.217.203.53...
* TCP_NODELAY set
* Connected to packagist.org (144.217.203.53) port 443 (#0)
* schannel: SSL/TLS connection with packagist.org port 443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 178 bytes...
* schannel: sent initial handshake data: sent 178 bytes
* schannel: SSL/TLS connection with packagist.org port 443 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with packagist.org port 443 (step 2/3)
* schannel: encrypted data got 1462
* schannel: encrypted data buffer: offset 1462 length 4096
* schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - La chaîne de certificats a été fournie par une autorité qui n'est pas approuvée.
* Closing connection 0
* schannel: shutting down SSL/TLS connection with packagist.org port 443
* schannel: clear security context handle
curl: (77) schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325)
Hershberger answered 27/7, 2018 at 8:22 Comment(4)
I am able to access packagist.org without any errors...Teleology
@BogdanBurim, i get this error with firefox : MOZILLA_PKIX_ERROR_SELF_SIGNED_CERTHershberger
try to change https://packagist.org to https://repo.packagist.orgShackleford
@Shackleford I can reach repo.packagist.org with firefox. What should i do to make composer work ?Hershberger
S
6

try

composer config disable-tls true
composer config secure-http false

you can also change composer config repositories.packagist.org.url to https?://repo.packagist.org.

Shackleford answered 30/7, 2018 at 13:26 Comment(5)
I won't run your 2 first cmds for security reasons. I added "repositories": { "packagist.org": { "type": "composer", "url": "repo.packagist.org" } } to my composer.json file, and now it works, but it means ill have to add it to all my projects that use composer. is there a way to set that globally ?Hershberger
yes, you can add it to composer config. composer config --editor --globalShackleford
ahhhh well i appreciate your help, at least you gave me a fallback solution. But id really like to solve my problem and make that default behaviour with packagist.org work, i just dont understand whats going on.Hershberger
they change the address of the repository to a new one twitter.com/seldaek/status/1021740439475347456Shackleford
after you update your repository check if your packagist URL is now correct. composer config --global --list and repositories.packagist.org.url should look like this [repositories.packagist.org.url] https?://repo.packagist.orgShackleford
H
3

I had to change the global config file

C:\Users\USERNAME\AppData\Roaming\Composer\config.json

to this:

{
    "config": {
        "disable-tls": true,
        "secure-http": false
    },
    "repositories": [
        {
            "type": "composer",
            "url": "http://repo.packagist.org"
        }
    ]
}
Hornwort answered 10/2, 2022 at 11:47 Comment(0)
F
0

I had to reinstall CURL development libraries on Ubuntu, i.e. replace NSS flavor to OpenSSL one:

sudo apt install -y libcurl4-openssl-dev

The rebuilding PHP with phpbrew resulted in libcurl enabled with appropriate library call; which, in turn, recognized CA certificates bundle correctly, pointing it to the right location.

Fiat answered 29/12, 2020 at 21:23 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.