I recently got an OpenSSL error while I was trying to download a CKEditor plugin from download.ckeditor.com with Composer. Well, it was caused by an environment misconfiguration. I want to have a note on what the issue was about and how I managed to fix it.

It all began on a sunny Saturday. I decided that I am going to use the CKEditor Codesnippet Drupal module for syntax highlighting, and that module depends on the Code Snippet CKEditor plugin downloaded into the [webroot]/libraries folder.

So, what happened?

I added the plugin’s archive as a custom repository to the composer.json

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
{
  "repositories": {
    "ckeditor/codesnippet": {
      "type": "package",
      "package": {
        "name": "ckeditor/codesnippet",
        "version": "4.8.0",
        "type": "drupal-library",
        "dist": {
          "url": "https://download.ckeditor.com/codesnippet/releases/codesnippet_4.8.0.zip",
          "type": "zip"
        }
      }
    }
  }
}

…and then tried to add the package to the project with Composer:

1
$ composer require "ckeditor/codesnippet:4.8.0"

…and this happened:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
./composer.json has been updated
Gathering patches for root package.
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 1 install, 0 updates, 0 removals
Gathering patches for root package.
Gathering patches for dependencies. This might take a minute.
  - Installing ckeditor/codesnippet (4.8.0): Downloading (0%)
Downloading (0%)
Downloading (0%)

  [Composer\Downloader\TransportException]
  The "https://ckeditor.com/cke4/sites/default/files/codesnippet/releases/codesnippet_4.8.0.zip"
  file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
  error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
  Failed to enable crypto
  failed to open stream: operation failed


require [--dev] [--prefer-source] [--prefer-dist] [--no-progress] [--no-suggest] [--no-update] [--no-scripts] [--update-no-dev] [--update-with-dependencies] [--update-with-all-dependencies] [--ignore-platform-reqs] [--prefer-stable] [--prefer-lowest] [--sort-packages] [-o|--optimize-autoloader] [-a|--classmap-authoritative] [--apcu-autoloader] [--] []

routines:ssl3_get_server_certificate:certificate verify failed, WTF? Well, I checked my PHP env by running php -r 'print_r(openssl_get_cert_locations());' from CLI. The result was:

1
2
3
4
5
6
7
8
9
10
11
Array
(
    [default_cert_file] => /Applications/MAMP/Library/OpenSSL/cert.pem
    [default_cert_file_env] => SSL_CERT_FILE
    [default_cert_dir] => /Applications/MAMP/Library/OpenSSL/certs
    [default_cert_dir_env] => SSL_CERT_DIR
    [default_private_dir] => /Applications/MAMP/Library/OpenSSL/private
    [default_default_cert_area] => /Applications/MAMP/Library/OpenSSL
    [ini_cafile] =>
    [ini_capath] =>
)

Both openssl.cafile and openssl.capath are empty. This isn’t a misconfiguration: this just means that these are not set explicitly. In this case the values will fall back to using the OS’s values. The problem was with those.

The solution

I just simply re-defined the cafile location in my active php.ini:

1
2
; OPENSSL
openssl.cafile = /Applications/MAMP/Library/OpenSSL/cert.pem

…and checked if it does what I want by executing php -r 'print_r(openssl_get_cert_locations());' again:

1
2
3
4
5
6
7
8
9
10
11
Array
(
    [default_cert_file] => /Applications/MAMP/Library/OpenSSL/cert.pem
    [default_cert_file_env] => SSL_CERT_FILE
    [default_cert_dir] => /Applications/MAMP/Library/OpenSSL/certs
    [default_cert_dir_env] => SSL_CERT_DIR
    [default_private_dir] => /Applications/MAMP/Library/OpenSSL/private
    [default_default_cert_area] => /Applications/MAMP/Library/OpenSSL
    [ini_cafile] => /Applications/MAMP/Library/OpenSSL/cert.pem
    [ini_capath] =>
)

With this environment change, I was able to download the required plugin with Composer as well 😊.