OpenSSL Error While Downloading a Composer Package
I recently got an OpenSSL error while I was trying to download a CKEditor plugin from download.ckeditor.com with Composer. Well, it was caused by an environment misconfiguration. I want to have a note on what the issue was about and how I managed to fix it.
It all began on a sunny Saturday. I decided that I am going to use the CKEditor Codesnippet Drupal module for syntax highlighting, and that module depends on the Code Snippet CKEditor plugin downloaded into the [webroot]/libraries
folder.
So, what happened?
I added the plugin’s archive as a custom repository to the composer.json
…
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
{
"repositories": {
"ckeditor/codesnippet": {
"type": "package",
"package": {
"name": "ckeditor/codesnippet",
"version": "4.8.0",
"type": "drupal-library",
"dist": {
"url": "https://download.ckeditor.com/codesnippet/releases/codesnippet_4.8.0.zip",
"type": "zip"
}
}
}
}
}
…and then tried to add the package to the project with Composer:
1
$ composer require "ckeditor/codesnippet:4.8.0"
…and this happened:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
./composer.json has been updated
Gathering patches for root package.
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 1 install, 0 updates, 0 removals
Gathering patches for root package.
Gathering patches for dependencies. This might take a minute.
- Installing ckeditor/codesnippet (4.8.0): Downloading (0%)
Downloading (0%)
Downloading (0%)
[Composer\Downloader\TransportException]
The "https://ckeditor.com/cke4/sites/default/files/codesnippet/releases/codesnippet_4.8.0.zip"
file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed
require [--dev] [--prefer-source] [--prefer-dist] [--no-progress] [--no-suggest] [--no-update] [--no-scripts] [--update-no-dev] [--update-with-dependencies] [--update-with-all-dependencies] [--ignore-platform-reqs] [--prefer-stable] [--prefer-lowest] [--sort-packages] [-o|--optimize-autoloader] [-a|--classmap-authoritative] [--apcu-autoloader] [--] []…
routines:ssl3_get_server_certificate:certificate verify failed
, WTF? Well, I checked my PHP env by running php -r 'print_r(openssl_get_cert_locations());'
from CLI. The result was:
1
2
3
4
5
6
7
8
9
10
11
Array
(
[default_cert_file] => /Applications/MAMP/Library/OpenSSL/cert.pem
[default_cert_file_env] => SSL_CERT_FILE
[default_cert_dir] => /Applications/MAMP/Library/OpenSSL/certs
[default_cert_dir_env] => SSL_CERT_DIR
[default_private_dir] => /Applications/MAMP/Library/OpenSSL/private
[default_default_cert_area] => /Applications/MAMP/Library/OpenSSL
[ini_cafile] =>
[ini_capath] =>
)
Both openssl.cafile
and openssl.capath
are empty. This isn’t a misconfiguration: this just means that these are not set explicitly. In this case the values will fall back to using the OS’s values. The problem was with those.
The solution
I just simply re-defined the cafile location in my active php.ini
:
1
2
; OPENSSL
openssl.cafile = /Applications/MAMP/Library/OpenSSL/cert.pem
…and checked if it does what I want by executing php -r 'print_r(openssl_get_cert_locations());'
again:
1
2
3
4
5
6
7
8
9
10
11
Array
(
[default_cert_file] => /Applications/MAMP/Library/OpenSSL/cert.pem
[default_cert_file_env] => SSL_CERT_FILE
[default_cert_dir] => /Applications/MAMP/Library/OpenSSL/certs
[default_cert_dir_env] => SSL_CERT_DIR
[default_private_dir] => /Applications/MAMP/Library/OpenSSL/private
[default_default_cert_area] => /Applications/MAMP/Library/OpenSSL
[ini_cafile] => /Applications/MAMP/Library/OpenSSL/cert.pem
[ini_capath] =>
)
With this environment change, I was able to download the required plugin with Composer as well 😊.