Page MenuHomePhabricator

Composer SSL errors in MediaWiki-Vagrant: "error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed"
Closed, InvalidPublic

Description

Trying to do vagrant git-update, getting these on all the Composer updates:

Loading composer repositories with package information
The "https://repo.packagist.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed
https://repo.packagist.org could not be fully loaded, package information was loaded from the local cache and may be out of date
Updating dependencies (including require-dev)
Nothing to install or update
Generating optimized autoload files
mwv_composer /vagrant/mediawiki/extensions/TimedMediaHandler
mwv_composer /vagrant/mediawiki/extensions/TitleBlacklist

Event Timeline

brion created this task.Aug 20 2018, 5:10 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 20 2018, 5:10 PM
brion added a comment.Aug 20 2018, 5:26 PM

The /usr/lib/ssl/cert.pem file specified in config seems to be missing?

vagrant@vagrant:~$ php -r "print_r(openssl_get_cert_locations());"
Array
(
    [default_cert_file] => /usr/lib/ssl/cert.pem
    [default_cert_file_env] => SSL_CERT_FILE
    [default_cert_dir] => /usr/lib/ssl/certs
    [default_cert_dir_env] => SSL_CERT_DIR
    [default_private_dir] => /usr/lib/ssl/private
    [default_default_cert_area] => /usr/lib/ssl
    [ini_cafile] => 
    [ini_capath] => 
)
vagrant@vagrant:~$ ls -ld /usr/lib/ssl/cert.pem
ls: cannot access '/usr/lib/ssl/cert.pem': No such file or directory
brion added a comment.Aug 20 2018, 5:40 PM

(I think that missing file is ok cause the dir is full of other files...?)

But note that the repo.packagist.org cert is new, from August 19 2018, and is certified by Let's Encrypt. Might not be in the old defaults?

brion closed this task as Invalid.Aug 20 2018, 5:48 PM

AAAAAGGGGHHHH the VM has the clock wrong and thinks the cert is not yet valid. Nevermind.