2
namespace GuzzleHttp\Ring\Client;
5
* Client specific utility functions.
10
* Returns the default cacert bundle for the current system.
12
* First, the openssl.cafile and curl.cainfo php.ini settings are checked.
13
* If those settings are not configured, then the common locations for
14
* bundles found on Red Hat, CentOS, Fedora, Ubuntu, Debian, FreeBSD, OS X
15
* and Windows are checked. If any of these file locations are found on
16
* disk, they will be utilized.
18
* Note: the result of this function is cached for subsequent calls.
21
* @throws \RuntimeException if no bundle can be found.
23
public static function getDefaultCaBundle()
25
static $cached = null;
27
// Red Hat, CentOS, Fedora (provided by the ca-certificates package)
28
'/etc/pki/tls/certs/ca-bundle.crt',
29
// Ubuntu, Debian (provided by the ca-certificates package)
30
'/etc/ssl/certs/ca-certificates.crt',
31
// FreeBSD (provided by the ca_root_nss package)
32
'/usr/local/share/certs/ca-root-nss.crt',
33
// OS X provided by homebrew (using the default path)
34
'/usr/local/etc/openssl/cert.pem',
36
'C:\\windows\\system32\\curl-ca-bundle.crt',
37
'C:\\windows\\curl-ca-bundle.crt',
44
if ($ca = ini_get('openssl.cafile')) {
48
if ($ca = ini_get('curl.cainfo')) {
52
foreach ($cafiles as $filename) {
53
if (file_exists($filename)) {
54
return $cached = $filename;
58
throw new \RuntimeException(self::CA_ERR);
62
No system CA bundle could be found in any of the the common system locations.
63
PHP versions earlier than 5.6 are not properly configured to use the system's
64
CA bundle by default. In order to verify peer certificates, you will need to
65
supply the path on disk to a certificate bundle to the 'verify' request
66
option: http://docs.guzzlephp.org/en/5.3/clients.html#verify. If you do not
67
need a specific certificate bundle, then Mozilla provides a commonly used CA
68
bundle which can be downloaded here (provided by the maintainer of cURL):
69
https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt. Once
70
you have a CA bundle available on disk, you can set the 'openssl.cafile' PHP
71
ini setting to point to the path to the file, allowing you to omit the 'verify'
72
request option. See http://curl.haxx.se/docs/sslcerts.html for more