PHP 5.6 SSL certificate verify


I am trying to debug a problem with SSL certificate verification, and have determined that the OpenSSL cert locations are returning incorrect paths (see below).

How do I figure out how to set this? I looked in the php.ini file and couldn't find a reference anywhere.

    cmuench-air:bin cmuench$ ./php -r "print_r(openssl_get_cert_locations());"
    Array
    (
        [default_cert_file] => /bitnami/mampstack56dev-osx-x64/output/common/openssl/cert.pem
        [default_cert_file_env] => SSL_CERT_FILE
        [default_cert_dir] => /bitnami/mampstack56dev-osx-x64/output/common/openssl/certs
        [default_cert_dir_env] => SSL_CERT_DIR
        [default_private_dir] => /bitnami/mampstack56dev-osx-x64/output/common/openssl/private
        [default_default_cert_area] => /bitnami/mampstack56dev-osx-x64/output/common/openssl
        [ini_cafile] =>
        [ini_capath] =>
    )

php.ini (relevant parts)... I don't see bitnami/mampstack56dev anywhere...

    [openssl]
    ; The location of a Certificate Authority (CA) file on the local filesystem
    ; to use when verifying the identity of SSL/TLS peers. Most users should
    ; not specify a value for this directive as PHP will attempt to use the
    ; OS-managed cert stores in its absence. If specified, this value may still
    ; be overridden on a per-stream basis via the "cafile" SSL stream context
    ; option.
    ;openssl.cafile=

    ; If openssl.cafile is not specified or if the CA file is not found, the
    ; directory pointed to by openssl.capath is searched for a suitable
    ; certificate. This value must be a correctly hashed certificate directory.
    ; Most users should not specify a value for this directive as PHP will
    ; attempt to use the OS-managed cert stores in its absence. If specified,
    ; this value may still be overridden on a per-stream basis via the "capath"
    ; SSL stream context option.
    ;openssl.capath=

    ;curl CA bundle certificate
    curl.cainfo="/applications/phppos/common/openssl/certs/curl-ca-bundle.crt"

Edit:

I know it's dumb, but there are times when the SSL certificate is self-signed. Is there an ini setting I can modify to disable checking certificates? Or do I have to do it in code for sockets and curl?

If you check the PHP source for the openssl_get_cert_locations() function, it is getting the locations by calling various OpenSSL functions such as X509_get_default_cert_file, and by looking at the php.ini values openssl.cafile and openssl.capath described here.

What certificates/paths are you looking for exactly? If you are trying to set a CA bundle file, set the above referenced php.ini values, which are what openssl_get_cert_locations returns.
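A concrete way to act on that answer, as an added diagnostic that is not code from the question or the answers: the script below takes the array openssl_get_cert_locations() returns, reports for every CA source PHP's OpenSSL extension can consult whether the path actually exists on disk (a compiled-in path that points at a build directory, as in the question, shows up as MISSING), and then opens one fully verified TLS connection so a broken CA path surfaces as a concrete OpenSSL error. Note that openssl.cafile and openssl.capath are PHP_INI_PERDIR directives: set them in the loaded php.ini (find it with `php --ini`) or a per-directory override, not with ini_set() at runtime. $probe_host is an assumed placeholder; the script needs network access to it.

```php
<?php
// Added diagnostic for the question above; not code from the original post.
// PHP loads openssl.cafile/openssl.capath when they are set in php.ini;
// otherwise it falls back to OpenSSL's default paths, which the
// SSL_CERT_FILE/SSL_CERT_DIR environment variables override and which
// openssl_get_cert_locations() reports as default_cert_file/default_cert_dir.

function ca_source_report(array $loc) {
    $sources = array(
        'php.ini openssl.cafile'               => $loc['ini_cafile'],
        'php.ini openssl.capath'               => $loc['ini_capath'],
        'env ' . $loc['default_cert_file_env'] => getenv($loc['default_cert_file_env']),
        'env ' . $loc['default_cert_dir_env']  => getenv($loc['default_cert_dir_env']),
        'compiled-in default_cert_file'        => $loc['default_cert_file'],
        'compiled-in default_cert_dir'         => $loc['default_cert_dir'],
    );
    $report = array();
    foreach ($sources as $name => $path) {
        if ($path === false || $path === null || $path === '') {
            $report[$name] = 'not set';
        } elseif (is_readable($path)) {
            $report[$name] = 'ok      ' . $path;
        } else {
            $report[$name] = 'MISSING ' . $path;   // the symptom in the question
        }
    }
    return $report;
}

// Open one verified connection using whatever CA source PHP resolves to.
// Verification failures are reported as the OpenSSL error text rather than
// being swallowed by a warning.
function probe_tls($host, $port = 443) {
    $ctx = stream_context_create(array('ssl' => array(
        'verify_peer'       => true,   // PHP 5.6 default, stated explicitly
        'verify_peer_name'  => true,   // PHP 5.6 default, stated explicitly
        'capture_peer_cert' => true,   // so we can print who we actually reached
    )));
    $sock = @stream_socket_client("ssl://$host:$port", $errno, $errstr, 10,
                                  STREAM_CLIENT_CONNECT, $ctx);
    if ($sock === false) {
        // For handshake failures $errstr is usually empty; the detail is in
        // the suppressed warning, e.g. "unable to get local issuer certificate".
        $last = error_get_last();
        $why  = $errstr !== '' ? $errstr : ($last ? $last['message'] : 'unknown error');
        return "FAIL $host: $why";
    }
    $opts = stream_context_get_options($ctx);
    $cert = openssl_x509_parse($opts['ssl']['peer_certificate']);
    fclose($sock);
    $cn = isset($cert['subject']['CN']) ? $cert['subject']['CN'] : '(no CN)';
    return "OK   $host: verified, subject CN=$cn";
}

$probe_host = 'www.example.com';   // assumed placeholder

foreach (ca_source_report(openssl_get_cert_locations()) as $name => $status) {
    printf("%-34s %s\n", $name, $status);
}
echo probe_tls($probe_host), "\n";
```

Run it with the same binary the application uses (`./php diag.php` in the question's bin directory), because the compiled-in defaults differ per build; a MISSING line next to an empty php.ini openssl.cafile is exactly the situation where setting openssl.cafile to a real bundle fixes verification.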

The default php.ini file for PHP 5.6 has no default values for the openssl ini settings, so they need to be defined manually. The configuration is located near the end of php.ini:

    [openssl]
    ; The location of a Certificate Authority (CA) file on the local filesystem
    ; to use when verifying the identity of SSL/TLS peers. Most users should
    ; not specify a value for this directive as PHP will attempt to use the
    ; OS-managed cert stores in its absence. If specified, this value may still
    ; be overridden on a per-stream basis via the "cafile" SSL stream context
    ; option.
    ;openssl.cafile=

    ; If openssl.cafile is not specified or if the CA file is not found, the
    ; directory pointed to by openssl.capath is searched for a suitable
    ; certificate. This value must be a correctly hashed certificate directory.
    ; Most users should not specify a value for this directive as PHP will
    ; attempt to use the OS-managed cert stores in its absence. If specified,
    ; this value may still be overridden on a per-stream basis via the "capath"
    ; SSL stream context option.
    ;openssl.capath=

When using curl, if you want to disable cert validation, you can pass these options to curl_setopt():

    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);  // you shouldn't need this

CURLOPT_SSL_VERIFYPEER is described as:

FALSE to stop cURL from verifying the peer's certificate. Alternate certificates to verify against can be specified with the CURLOPT_CAINFO option, or a certificate directory can be specified with the CURLOPT_CAPATH option.

CURLOPT_SSL_VERIFYHOST is described as:

1 to check the existence of a common name in the SSL peer certificate. 2 to check the existence of a common name and also verify that it matches the hostname provided. In production environments the value of this option should be kept at 2 (the default value).

If you have the CA files, you can use the option CURLOPT_CAINFO to provide the full path to a file holding one or more certificates to verify the peer with.

To disable checking for a stream opened with fsockopen, try:

    <?php
    $host = 'example.com';   // the peer to connect to

    $context = stream_context_create();
    $result = stream_context_set_option($context, 'ssl', 'verify_peer', false);
    // In PHP 5.6 the peer name is verified independently of the peer
    // certificate, so this must be switched off as well to fully disable checking.
    $result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false);

    $socket = stream_socket_client('ssl://' . $host . ':443', $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);

See SSL context options for more info, and stream_socket_client().
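The hardened alternative to the answer above, as an added example that is not code from the original answer: instead of switching verification off for a self-signed certificate, trust exactly that certificate. Export it once (for example with `openssl s_client -connect host:443 -showcerts`) into a PEM file, then point both the stream wrapper (the per-stream `cafile` override mentioned in the php.ini comments) and curl (`CURLOPT_CAINFO`) at that file while leaving peer and peer-name verification on. OpenSSL accepts a self-signed certificate that sits in the trust store as its own trust anchor, so nothing else needs to change. One caveat on the curl options quoted above: libcurl 7.28.1 and later reject `CURLOPT_SSL_VERIFYHOST` value 1, so use 0 to disable or 2 to verify, never 1. $host and $ca_file are assumed placeholders and the script needs network access to $host.

```php
<?php
// Added example, not code from the original answer. Verifies a self-signed
// peer against its own exported certificate rather than disabling checks.

$host    = 'selfsigned.internal.example';          // assumed placeholder
$ca_file = '/etc/ssl/private/selfsigned-host.pem'; // assumed: the server's own cert, PEM

// Stream-wrapper side: verification stays on; only the trust store changes.
function ssl_context_trusting($ca_file, $peer_name) {
    return stream_context_create(array('ssl' => array(
        'verify_peer'       => true,       // PHP 5.6 default, stated explicitly
        'verify_peer_name'  => true,       // PHP 5.6 default, stated explicitly
        'cafile'            => $ca_file,   // per-stream override of openssl.cafile
        'peer_name'         => $peer_name, // name the certificate must match
        'allow_self_signed' => false,      // not needed: the cert is in cafile
    )));
}

// curl side: same idea with CURLOPT_CAINFO; VERIFYHOST 2 checks the name.
function curl_handle_trusting($url, $ca_file) {
    $ch = curl_init($url);
    curl_setopt_array($ch, array(
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_CAINFO         => $ca_file,
    ));
    return $ch;
}

// Usage: both paths fail closed if the presented certificate is not the
// one in $ca_file, which is the behaviour a disabled check silently loses.
$ctx  = ssl_context_trusting($ca_file, $host);
$sock = @stream_socket_client("ssl://$host:443", $errno, $errstr, 30,
                              STREAM_CLIENT_CONNECT, $ctx);
if ($sock === false) {
    $last = error_get_last();
    echo "stream: failed: ", ($errstr !== '' ? $errstr : $last['message']), "\n";
} else {
    fclose($sock);
    echo "stream: verified $host against $ca_file\n";
}

$ch   = curl_handle_trusting("https://$host/", $ca_file);
$body = curl_exec($ch);
echo $body === false ? "curl: failed: " . curl_error($ch) . "\n"
                     : "curl: verified, " . strlen($body) . " bytes\n";
curl_close($ch);
```

If the certificate is issued by an internal CA rather than self-signed, put the CA certificate in $ca_file instead of the leaf; the code is unchanged. Keep the file readable only by the web server user and treat it like the CA bundle it replaces.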
