3

The OpenID plugin for WordPress doesn't seem to accept either of the Google OpenID provider links:

http://google.com/profiles/username

or

https://google.com/accounts/o8/id

It returns the error (for both):

Could not discover an OpenID
identity server endpoint 
at the url:
http://google.com/profiles/username

Any idea why? The janrain engage plugin works, but I can't use that because of other issues with that.

Vanwaril
  • 7,380
  • 6
  • 33
  • 47

5 Answers5

4

The problem is solved. Since Google, Yahoo and some other OpenID providers provide https endpoints, curl tries to verify the other end when making a POST request to it -- since curl does not come with a pack of CA certificates, it fails on all such endpoints.

The solution is either to tell curl not to verify the provider or give it the correct CA certificate for Google.

Vanwaril
  • 7,380
  • 6
  • 33
  • 47
  • so, how did you do that on wordpress? – grilix Jul 05 '12 at 02:33
  • 1
    If you can install SSL certificates on your host, that's the best option. Otherwise, go through the OpenID PHP code to find where curl attempts to connect to the provider and comment out verification options. I've forgotten the exact details, but it shouldn't be too hard to figure out. – Vanwaril Jul 05 '12 at 04:54
  • Nice, I'm not familiar with such "CA" things :P, but this will help me. Thank you! – grilix Jul 09 '12 at 15:04
0

Please check for missing plugins in php installtion

/etc/php.d/dom.ini, 
/etc/php.d/mysql.ini, 
/etc/php.d/mysqli.ini, 
/etc/php.d/pdo_sqlite.ini, 
/etc/php.d/wddx.ini, 
/etc/php.d/xmlreader.ini, 
/etc/php.d/xmlwriter.ini, 
/etc/php.d/xsl.ini,
user3073069
  • 1
  • 1
0

As @Vanwaril and @tarantinofan pointed out, the correct way to do this is get the proper certs installed on your server.

If however, you choose to take the other route, as @Vanwaril mentioned, and comment out the lines in the openid code base that is responsible for the endpoint verification then do the following:

openid\lib\Auth\Yadis\ParanoidHTTPFetcher.php - insert the following line after line 152

curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);

openid\liv\Auth\OpenID\consumer.php - comment out lines 970 to 979 in the _idResCheckSignature function so that the function returns null rather than an openid error

Again, this is not recommended but you can at least move forward until you can get the proper certs installed on your server.

EDIT: and this link is very helpful for dealing with the certs: https://web.archive.org/web/20090214215411/http://curl.haxx.se/docs/sslcerts.html

Perry
  • 611
  • 6
  • 15
0

I was getting the same error and inspecting apache error logs I got the following

CURL error (60): SSL certificate problem: unable to get local issuer certificate

This was being caused by curl calls from the OpenID plugin.

The following worked for me. Source: https://stackoverflow.com/a/21114601/3826642

  1. Use this certificate root certificate bundle: https://curl.haxx.se/ca/cacert.pem

  2. Copy this certificate bundle on your disk. And use this on php.ini

    curl.cainfo = "path_to_cert\cacert.pem"

Be sure to restart the server after you make changes.

Community
  • 1
  • 1
Alex Wachira
  • 1,225
  • 16
  • 19
0

Must be an issue with the CA certificates on your server. Google has a lot of trouble with their certificates.

Also, I have got this working on my system with Apache, may be trouble with your server too. Try finding a pack of CA certificates for your system and installing it.

tarantinofan
  • 236
  • 2
  • 9