Oauth2-xibo-cms-master - Specify crt file?

Is there a way to specify which cert I want outh2-xibo-cms-master to use? We have the path and file set correctly in php.ini and also in the openssl.cnf, but for some reason it is being ignored, or overridden.

I guess you are running that over the command line (i.e. php-cli) ? PHP CLI has a different php.ini file, which might be your issue.

There isn’t any way other than php.ini to specify the certificate.

Just tried to move our setup to a Synology box, that uses DSM6, for use at a conference center. We are unable to get the same setup to work that seems to work everywhere else. We contacted Synology support but they keep insisting that it is a problem with the script and refuse to acknowledge the problem.

After a small tweak to ca-certificates.crt manually, openssl is working correctly. We thought that since it seems Curl relies on it, that it would work as well. Sadly no. Now we are still left with this error:

Fatal error: Uncaught exception 'GuzzleHttp\Exception\RequestException' with message 'cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)' in /volume1/web/..../3rdParty/oauth2-xibo-cms-master/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php:187

That is why I was hoping that we could pass(CURLOPT_SSLCERT) the cert location on a variable to Outh2-xibo-cms-master to set an optional setting that would allow us to fix the problem that way. But this does not sound possible.

SSL Cert works fine otherwise on the unit.

Are you sure that you’ve added that cert file to the correct php.ini?

php -i | grep php.ini

The oauth library uses Guzzle under the hood, so you may well be able to provide additional options to curl (source) - I am not sure exactly how that you play into our implementation.

You might be able to create your own Guzzle instance, set the curl option you want and then provide that in the $collaborators array as httpClient.

new \Xibo\OAuth2\Client\Provider\Xibo([..], ['httpClient' => $yourGuzzleInstance])

I think you’d be better off getting it working on the underlying O/S

Doubled checked… yep. Even tried changing every one on the unit.

Me too.

However, Synology is not helpful at all and will not even tell me the correct ca-certificate file to even specify. We did figure that part out, but why our php.ini certificate settings are being overridden, they will not even comment on. The only real response on the whole problem is to specify the certificate we want to use in the in the script.

I appreciate your response Dan and will look into some way of injecting maybe something like this into the Outh2-xibo-cms-master package:
curl_setopt($ch, CURLOPT_SSLCERT, “cert.p12”);
curl_setopt($ch, CURLOPT_SSLCERTTYPE, “P12”)

Maybe as a variable I can set, that way if and when the certificate changes It can be updated easily.

I think that if you created your own Guzzle Client and passed those curl options, and then passed your own client to the Xibo provider constructor - you’d be all of the way there to getting it working.