2

I've made the switch to PHP 8.1 after 7.4.26 and when trying to update some existing projects I get this error while behind my company's proxy:

[Composer\Downloader\TransportException] curl error 60 while downloading https://repo.packagist.org/packages.json: SSL certificate problem: self signed certificate in certificate chain

I've rummaged WAMP around and checked to make sure that:

  • SSL is installed both for apache and PHP
  • The path to the latest cacert.pem is set in the php.ini under both curl.cainfo and openssl.cafile and both lines are uncommented
  • Both my http and my https proxies are set in my environment variables
  • Both composer public keys are set up
  • Restarting my PC/Apache/PHP
  • Clearing composer cache

Running the composer diagnostic in verbose mode I can see that it's reading the correct proxies, that the http request is getting a 200 response, but I get error 60 when it tried to get the https ones. What's bugging me is that if I do curl https://repo.packagist.org/packages.json I get the json without problem. I also have npm and git working just fine behind the same proxy. I've tried running composer with TSL disabled, even going back to my previous version of PHP but I keep getting the same error.

If anyone has an idea what this could be, this is an excerpt from composer diagnose:

Checking platform settings: OK
Checking git settings: Executing command (CWD): git config color.ui
Executing command (CWD): git --version
OK git version 2.29.1
Checking http connectivity to packagist: Downloading http://repo.packagist.org/packages.json using proxy (http://10.96.210.50:8080)
[200] http://repo.packagist.org/packages.json
OK
Checking https connectivity to packagist: Downloading https://repo.packagist.org/packages.json using proxy (http://10.96.210.50:8080)
FAIL
[Composer\Downloader\TransportException] curl error 60 while downloading https://repo.packagist.org/packages.json: SSL certificate problem: self signed certificate in certificate chain
Checking HTTP proxy: Downloading https://repo.packagist.org/packages.json using proxy (http://10.96.210.50:8080)
FAIL
[Composer\Downloader\TransportException] curl error 60 while downloading https://repo.packagist.org/packages.json: SSL certificate problem: self signed certificate in certificate chain
Checking github.com rate limit: Downloading https://api.github.com/rate_limit using proxy (http://10.96.210.50:8080)
FAIL
[Composer\Downloader\TransportException] curl error 60 while downloading https://api.github.com/rate_limit: SSL certificate problem: self signed certificate in certificate chain
Checking disk free space: OK
Checking pubkeys:
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0  87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B  0C708369 153E328C AD90147D AFE50952
OK
Checking composer version: Downloading https://getcomposer.org/versions using proxy (http://10.96.210.50:8080)
FAIL
[Composer\Downloader\TransportException] curl error 60 while downloading https://getcomposer.org/versions: SSL certificate problem: self signed certificate in certificate chain
Composer version: 2.5.1
PHP version: 8.1.0
PHP binary path: C:\wamp64new\bin\php\php8.1.0\php.exe
OpenSSL version: OpenSSL 1.1.1l  24 Aug 2021
cURL version: 7.77.0 libz 1.2.11 ssl OpenSSL/1.1.1l
zip: extension present, unzip not available, 7-Zip present (7z)
hakre
  • 193,403
  • 52
  • 435
  • 836
n_ivkovic021
  • 33
  • 5
  • This sounds a bit as if you have no clue what the error message "SSL certificate problem: self signed certificate in certificate chain" means? If that is the case, in short it is exactly that what is written: There is a self signed certificate in the certificate chain. Composer / Curl rejects on that. My guess would be that this is related to your companies proxy. Contact your companies department responsible for the proxy and clarify the requirements the proxy comes with. You may need to add non-public certificate authority your company requires to break up TLS for eavesdropping. – hakre Jan 28 '23 at 07:31
  • The checks your did for the certificate files/configuration are due to getting the curl error 60 as well when it is out of date, right? E.g. comparing https://stackoverflow.com/q/21187946/367456 - If so, and the certificate store is up-to-date, what remains are additional certificates your company requires. For me this would be a guess, however you can clarify that with your company and then verify if adding those will enable TLS (SSL) HTTP network traffic in your use-case. Compare [CURLE_PEER_FAILED_VERIFICATION (60)](https://curl.se/libcurl/c/libcurl-errors.html#CURLEPEERFAILEDVERIFICATION) – hakre Jan 28 '23 at 07:40

0 Answers0