Cert issue with opencloud

[garrettgjb]

This is happening both locally and on the production server so I'm guessing you guys changed the cert recently and the provider is not very common. I even downloaded the ca bundle from https://curl.haxx.se/ to see if my certs were out of date but that didn't fix it. Any suggestions?

I have php 5.6 and we are using "rackspace/php-opencloud": "v1.16.0",

Error: [curl] 60: SSL certificate problem: unable to get local issuer certificate [url] https://identity.api.rackspacecloud.com/v2.0/tokens
#0 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/guzzle/guzzle/src/Guzzle/Http/Curl/CurlMulti.php(292): Guzzle\Http\Curl\CurlMulti->isCurlException(Object(Guzzle\Http\Message\EntityEnclosingRequest), Object(Guzzle\Http\Curl\CurlHandle), Array)
#1 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/guzzle/guzzle/src/Guzzle/Http/Curl/CurlMulti.php(257): Guzzle\Http\Curl\CurlMulti->processResponse(Object(Guzzle\Http\Message\EntityEnclosingRequest), Object(Guzzle\Http\Curl\CurlHandle), Array)
#2 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/guzzle/guzzle/src/Guzzle/Http/Curl/CurlMulti.php(240): Guzzle\Http\Curl\CurlMulti->processMessages()
#3 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/guzzle/guzzle/src/Guzzle/Http/Curl/CurlMulti.php(224): Guzzle\Http\Curl\CurlMulti->executeHandles()
#4 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/guzzle/guzzle/src/Guzzle/Http/Curl/CurlMulti.php(111): Guzzle\Http\Curl\CurlMulti->perform()
#5 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/guzzle/guzzle/src/Guzzle/Http/Curl/CurlMultiProxy.php(94): Guzzle\Http\Curl\CurlMulti->send()
#6 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/guzzle/guzzle/src/Guzzle/Http/Client.php(284): Guzzle\Http\Curl\CurlMultiProxy->send()
#7 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/guzzle/guzzle/src/Guzzle/Http/Message/Request.php(198): Guzzle\Http\Client->send(Object(Guzzle\Http\Message\EntityEnclosingRequest))
#8 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/rackspace/php-opencloud/lib/OpenCloud/Identity/Service.php(181): Guzzle\Http\Message\Request->send()
#9 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/rackspace/php-opencloud/lib/OpenCloud/OpenStack.php(391): OpenCloud\Identity\Service->generateToken('{"auth":{"RAX-K...')
#10 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/rackspace/php-opencloud/lib/OpenCloud/Common/Service/CatalogService.php(210): OpenCloud\OpenStack->authenticate()
#11 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/rackspace/php-opencloud/lib/OpenCloud/Common/Service/CatalogService.php(96): OpenCloud\Common\Service\CatalogService->findEndpoint()
#12 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/rackspace/php-opencloud/lib/OpenCloud/ObjectStore/Service.php(51): OpenCloud\Common\Service\CatalogService->__construct(Object(OpenCloud\Rackspace), NULL, NULL, 'ORD', NULL)
#13 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/rackspace/php-opencloud/lib/OpenCloud/Common/Service/ServiceBuilder.php(51): OpenCloud\ObjectStore\Service->__construct(Object(OpenCloud\Rackspace), NULL, NULL, 'ORD', NULL)
#14 /Applications/XAMPP/xamppfiles/htdocs/proj/vendor/rackspace/php-opencloud/lib/OpenCloud/OpenStack.php(480): OpenCloud\Common\Service\ServiceBuilder::factory(Object(OpenCloud\Rackspace), 'OpenCloud\\Objec...', Array)
#15 /Applications/XAMPP/xamppfiles/htdocs/proj/application/core/Company_Base_Controller.php(1423): OpenCloud\OpenStack->objectStoreService(NULL, 'ORD')
#16 /Applications/XAMPP/xamppfiles/htdocs/proj/application/core/Company_Base_Controller.php(1432): Company_Base_Controller->getCloudFilesService()
#17 /Applications/XAMPP/xamppfiles/htdocs/proj/application/core/Company_Base_Controller.php(253): Company_Base_Controller->getContainer()
#18 

[mfrobben]

Plus one - this is causing an outage in production as we can't upload generated images to our IAD storage bucket.

[mfrobben]

exception 'Guzzle\Http\Exception\CurlException' with message '[curl] 60: [url] https://identity.api.rackspacecloud.com/v2.0/tokens'

[kynx]

Yeah. Problem is that the ancient Guzzle this depends on bundles its own certs.

Workaround is to use your system certs. My factory now looks sumthink like:

                return new Rackspace(
                    $config['auth_url'],
                    [
                        'username' => $config['username'],
                        'apiKey' => $config['api_key']
                    ],
                    [
                        // Guzzle ships with outdated certs
                        Rackspace::SSL_CERT_AUTHORITY => 'system',
                        Rackspace::CURL_OPTIONS => [
                            CURLOPT_SSL_VERIFYPEER => true,
                            CURLOPT_SSL_VERIFYHOST => 2,
                        ],
                    ]
                );

[mfrobben]

Thanks @kynx!!

[mrydz]

Thanks @kynx ! Nothing like debugging a production issue on a Friday.

[garrettgjb]

Thanks @kynx for the workaround.

[pvdhurk]

Thanks @kynx !!

[mavykins]

Thanks @kynx . Wondered why I came into work finding a massive log file complaining about fileupload error's

[n-scott]

Is Rackspace going to replace their dependency on guzzle/guzzle with guzzlehttp/guzzle?

[lrrosa]

Hi @kynx. In wich file should I use this patch? Thanks.

Edit: For now I just replaced Guzzle certificate file and everything is working again. See: https://community.rackspace.com/products/f/dedicated-hybrid-hosting-forum/8674/rackspace-public-cloud-php-opencloud-sdk-errors-due-to-outdated-certificate-authority-list

[kynx]

@lrrosa the snippet I posted is from where I create the Rackspace client in my code, not from anywhere in php-opencloud. HTH.

[itspkr]

FYI - I needed this for one of my own projects so I created a seperate wrapper at: https://github.com/itspkr/rackspace-cloud-flysystem

Literally just points Guzzle back at the system certifcates rather than the outdated ones inside Guzzle.

[arlomedia]

The solutions above didn't fix the problem for me, but this solution did:

https://wordpress.org/support/topic/rackspace-peers-certificate-issuer-is-not-recognized/#post-10526368