Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cert issue with opencloud #727

Open
garrettgjb opened this issue Jun 16, 2018 · 13 comments
Open

Cert issue with opencloud #727

garrettgjb opened this issue Jun 16, 2018 · 13 comments

Comments

@garrettgjb
Copy link

garrettgjb commented Jun 16, 2018
edited

This is happening both locally and on the production server so I'm guessing you guys changed the cert recently and the provider is not very common. I even downloaded the ca bundle from https://curl.haxx.se/ to see if my certs were out of date but that didn't fix it. Any suggestions?

I have php 5.6 and we are using "rackspace/php-opencloud": "v1.16.0",

Error: [curl] 60: SSL certificate problem: unable to get local issuer certificate [url] https://identity.api.rackspacecloud.com/v2.0/tokens
#0 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/guzzle/guzzle/src/Guzzle/Http/Curl/CurlMulti.php(292): Guzzle\Http\Curl\CurlMulti->isCurlException(Object(Guzzle\Http\Message\EntityEnclosingRequest), Object(Guzzle\Http\Curl\CurlHandle), Array)
#1 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/guzzle/guzzle/src/Guzzle/Http/Curl/CurlMulti.php(257): Guzzle\Http\Curl\CurlMulti->processResponse(Object(Guzzle\Http\Message\EntityEnclosingRequest), Object(Guzzle\Http\Curl\CurlHandle), Array)
#2 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/guzzle/guzzle/src/Guzzle/Http/Curl/CurlMulti.php(240): Guzzle\Http\Curl\CurlMulti->processMessages()
#3 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/guzzle/guzzle/src/Guzzle/Http/Curl/CurlMulti.php(224): Guzzle\Http\Curl\CurlMulti->executeHandles()
#4 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/guzzle/guzzle/src/Guzzle/Http/Curl/CurlMulti.php(111): Guzzle\Http\Curl\CurlMulti->perform()
#5 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/guzzle/guzzle/src/Guzzle/Http/Curl/CurlMultiProxy.php(94): Guzzle\Http\Curl\CurlMulti->send()
#6 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/guzzle/guzzle/src/Guzzle/Http/Client.php(284): Guzzle\Http\Curl\CurlMultiProxy->send()
#7 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/guzzle/guzzle/src/Guzzle/Http/Message/Request.php(198): Guzzle\Http\Client->send(Object(Guzzle\Http\Message\EntityEnclosingRequest))
#8 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/rackspace/php-opencloud/lib/OpenCloud/Identity/Service.php(181): Guzzle\Http\Message\Request->send()
#9 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/rackspace/php-opencloud/lib/OpenCloud/OpenStack.php(391): OpenCloud\Identity\Service->generateToken('{"auth":{"RAX-K...')
#10 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/rackspace/php-opencloud/lib/OpenCloud/Common/Service/CatalogService.php(210): OpenCloud\OpenStack->authenticate()
#11 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/rackspace/php-opencloud/lib/OpenCloud/Common/Service/CatalogService.php(96): OpenCloud\Common\Service\CatalogService->findEndpoint()
#12 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/rackspace/php-opencloud/lib/OpenCloud/ObjectStore/Service.php(51): OpenCloud\Common\Service\CatalogService->__construct(Object(OpenCloud\Rackspace), NULL, NULL, 'ORD', NULL)
#13 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/rackspace/php-opencloud/lib/OpenCloud/Common/Service/ServiceBuilder.php(51): OpenCloud\ObjectStore\Service->__construct(Object(OpenCloud\Rackspace), NULL, NULL, 'ORD', NULL)
#14 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/rackspace/php-opencloud/lib/OpenCloud/OpenStack.php(480): OpenCloud\Common\Service\ServiceBuilder::factory(Object(OpenCloud\Rackspace), 'OpenCloud\\Objec...', Array)
#15 /Applications/XAMPP/xamppfiles/htdocs/proj/application/core/Company_Base_Controller.php(1423): OpenCloud\OpenStack->objectStoreService(NULL, 'ORD')
#16 /Applications/XAMPP/xamppfiles/htdocs/proj/application/core/Company_Base_Controller.php(1432): Company_Base_Controller->getCloudFilesService()
#17 /Applications/XAMPP/xamppfiles/htdocs/proj/application/core/Company_Base_Controller.php(253): Company_Base_Controller->getContainer()
#18
@mfrobben
Copy link

Plus one - this is causing an outage in production as we can't upload generated images to our IAD storage bucket.

@mfrobben
Copy link

exception 'Guzzle\Http\Exception\CurlException' with message '[curl] 60: [url] https://identity.api.rackspacecloud.com/v2.0/tokens'

@kynx
Copy link

kynx commented Jun 16, 2018

Yeah. Problem is that the ancient Guzzle this depends on bundles its own certs.

Workaround is to use your system certs. My factory now looks sumthink like:

                return new Rackspace(
                    $config['auth_url'],
                    [
                        'username' => $config['username'],
                        'apiKey' => $config['api_key']
                    ],
                    [
                        // Guzzle ships with outdated certs
                        Rackspace::SSL_CERT_AUTHORITY => 'system',
                        Rackspace::CURL_OPTIONS => [
                            CURLOPT_SSL_VERIFYPEER => true,
                            CURLOPT_SSL_VERIFYHOST => 2,
                        ],
                    ]
                );

@mfrobben
Copy link

Thanks @kynx!!

@mrydz
Copy link

mrydz commented Jun 16, 2018

Thanks @kynx ! Nothing like debugging a production issue on a Friday.

@garrettgjb
Copy link
Author

Thanks @kynx for the workaround.

@garrettgjb garrettgjb mentioned this issue Jun 16, 2018
Open
@pvdhurk
Copy link

pvdhurk commented Jun 18, 2018

Thanks @kynx !!

@mavykins
Copy link

Thanks @kynx . Wondered why I came into work finding a massive log file complaining about fileupload error's

@n-scott
Copy link

n-scott commented Jun 18, 2018

Is Rackspace going to replace their dependency on guzzle/guzzle with guzzlehttp/guzzle?

@lrrosa
Copy link

lrrosa commented Jun 19, 2018
edited

Hi @kynx. In wich file should I use this patch?
Thanks.

Edit:
For now I just replaced Guzzle certificate file and everything is working again.
See: https://community.rackspace.com/products/f/dedicated-hybrid-hosting-forum/8674/rackspace-public-cloud-php-opencloud-sdk-errors-due-to-outdated-certificate-authority-list

@kynx
Copy link

kynx commented Jun 19, 2018

@lrrosa the snippet I posted is from where I create the Rackspace client in my code, not from anywhere in php-opencloud. HTH.

@icheko icheko mentioned this issue Jun 21, 2018
Closed
@kynx kynx mentioned this issue Jul 9, 2018
Open
@itspkr
Copy link

itspkr commented Aug 1, 2018
edited

FYI - I needed this for one of my own projects so I created a seperate wrapper at:
https://github.com/itspkr/rackspace-cloud-flysystem

Literally just points Guzzle back at the system certifcates rather than the outdated ones inside Guzzle.

@kynx kynx mentioned this issue Aug 9, 2019
Closed
@arlomedia
Copy link

The solutions above didn't fix the problem for me, but this solution did:

https://wordpress.org/support/topic/rackspace-peers-certificate-issuer-is-not-recognized/#post-10526368

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@garrettgjb @kynx @arlomedia @mfrobben @mavykins @lrrosa @pvdhurk @itspkr @mrydz @n-scott