Composer Require 'package' throws OpenSSL error

4

This problem seems to be common, and i've been through a lot of SO posts related to it and nothing works, and i'm going crazy. Whats weird is that it was working perfectly few weeks ago, and i didnt install anything new since months...

Setup :

  • PHP 7.1.9
  • WAMPSERVER 3.1.0
  • APACHE 2.4.27
  • Composer 1.6.5 (latest)
  • I'm not behind a proxy & no firewall
  • Windows 10

What Works :

  • composer self-update

What does not work :

  • Installing a package

  • I cannot reach https://packagist.org/ with firefox 61.0.1 (64bits) (unsecure connection : MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT)

The error i get with composer require :

[Composer\Downloader\TransportException]
The "https://packagist.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed          

php -r "var_dump(openssl_get_cert_locations());" Returns this :

array(8) {
  ["default_cert_file"]=>
  string(25) "c:/usr/local/ssl/cert.pem"
  ["default_cert_file_env"]=>
  string(13) "SSL_CERT_FILE"
  ["default_cert_dir"]=>
  string(22) "c:/usr/local/ssl/certs"
  ["default_cert_dir_env"]=>
  string(12) "SSL_CERT_DIR"
  ["default_private_dir"]=>
  string(24) "c:/usr/local/ssl/private"
  ["default_default_cert_area"]=>
  string(16) "c:/usr/local/ssl"
  ["ini_cafile"]=>
  string(51) "C:/wamp64/bin/php/php7.1.9/extras/ssl/ca-bundle.crt"
  ["ini_capath"]=>
  string(0) ""
}

I've downloaded the ca-bundle.crt and added it to my php.ini file :

curl.cainfo=C:/wamp64/bin/php/php7.1.9/extras/ssl/ca-bundle.crt    
openssl.cafile=C:/wamp64/bin/php/php7.1.9/extras/ssl/ca-bundle.crt

Composer diagnose returns this :

Checking composer.json: OK
Checking platform settings: OK
Checking git settings: OK
Checking http connectivity to packagist: WARNING
[Composer\Downloader\TransportException] The "http://packagist.org/packages.json" file could not be downloaded (HTTP/1.1 404 Not Found)
Checking https connectivity to packagist: WARNING
[Composer\Downloader\TransportException] The "https://packagist.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed
Checking github.com rate limit: OK
Checking disk free space: OK
Checking pubkeys: OK
Checking composer version: OK
Composer version: 1.6.5
PHP version: 7.1.9
PHP binary path: C:\wamp64\bin\php\php7.1.9\php.exe

composer show -p -vvv | grep ssl returns this :

Reading ./composer.json
Loading config file ./composer.json
Checked CA file C:\wamp64\bin\php\php7.1.9\extras\ssl\ca-bundle.crt: valid
Executing command (C:\wamp64\www\projectName): git branch --no-color --no-abbrev -v
Failed to initialize global composer: Composer could not find the config file: C:/Users/********/AppData/Roaming/Composer/composer.json
To initialize a project, please create a composer.json file as described in the https://getcomposer.org/ "Getting Started" section
Reading C:\wamp64\www\projectName/vendor/composer/installed.json
Loading plugin PackageVersions\Installer
Loading plugin Symfony\Flex\Flex
Composer >=1.7 not found, downloads will happen in sequence
Running 1.6.5 (2018-05-04 11:44:59) with PHP 7.1.9 on Windows NT / 10.0
ext-openssl         7.1.9    The openssl PHP extension
lib-openssl         1.0.2.11 OpenSSL 1.0.2k  26 Jan 2017

php --ini :

Configuration File (php.ini) Path: C:\WINDOWS
Loaded Configuration File:         C:\wamp64\bin\php\php7.1.9\php.ini
Scan for additional .ini files in: (none)
Additional .ini files parsed:      (none)

EDIT 1
- Tried emptying cache
- Other web browser (chrome, edge) and it didnt work
- Another computer on same network --> it works

EDIT 2
- Created a new windows user, didnt work

EDIT 3
- I can reach https://repo.packagist.org/ as suggested by @kallosz
- Curl gives me this :

curl -vvv https://packagist.org/
*   Trying 144.217.203.53...
* TCP_NODELAY set
* Connected to packagist.org (144.217.203.53) port 443 (#0)
* schannel: SSL/TLS connection with packagist.org port 443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 178 bytes...
* schannel: sent initial handshake data: sent 178 bytes
* schannel: SSL/TLS connection with packagist.org port 443 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with packagist.org port 443 (step 2/3)
* schannel: encrypted data got 1462
* schannel: encrypted data buffer: offset 1462 length 4096
* schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - La chaîne de certificats a été fournie par une autorité qui n'est pas approuvée.
* Closing connection 0
* schannel: shutting down SSL/TLS connection with packagist.org port 443
* schannel: clear security context handle
curl: (77) schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325)
php
composer-php
ssl-certificate
packagist
asked on Stack Overflow Jul 27, 2018 by Elbarto • edited Jul 30, 2018 by Elbarto

2 Answers

2

try

composer config disable-tls true
composer config secure-http false

you can also change composer config repositories.packagist.org.url to https?://repo.packagist.org.

answered on Stack Overflow Jul 30, 2018 by kallosz
0

I had to reinstall CURL development libraries on Ubuntu, i.e. replace NSS flavor to OpenSSL one:

sudo apt install -y libcurl4-openssl-dev

The rebuilding PHP with phpbrew resulted in libcurl enabled with appropriate library call; which, in turn, recognized CA certificates bundle correctly, pointing it to the right location.

answered on Stack Overflow Dec 29, 2020 by Povilas Brilius

User contributions licensed under CC BY-SA 3.0