When I use the Symfony2 HWIOAuthBundle to connect my website with Facebook, I get this error:

    SSL certificate problem: unable to get local issuer certificate

I found on Stack Overflow how to resolve this, under this URL: Symfony HWIOAuthBundle, how to configure cURL?
But when I added:

    http_client:
        verify_peer: false

I get another error:

    No property defined for entity for resource owner 'facebook'.

I don't know what is wrong with this.
config/config.yml:

    imports:
        - { resource: parameters.yml }
        - { resource: security.yml }

    framework:
        #esi: ~
        translator: { fallback: "pl" }
        secret: "%secret%"
        router:
            resource: "%kernel.root_dir%/config/routing.yml"
            strict_requirements: ~
        form: ~
        csrf_protection: ~
        validation: { enable_annotations: true }
        templating:
            engines: ['twig']
            #assets_version: SomeVersionScheme
        default_locale: "%locale%"
        trusted_hosts: ~
        trusted_proxies: ~
        session:
            # handler_id set to null will use default session handler from php.ini
            handler_id: ~
        fragments: ~
        http_method_override: true

    # Twig Configuration
    twig:
        debug: "%kernel.debug%"
        strict_variables: "%kernel.debug%"

    # Assetic Configuration
    assetic:
        debug: "%kernel.debug%"
        use_controller: false
        bundles: [ ]
        #java: /usr/bin/java
        filters:
            cssrewrite: ~
            #closure:
            #    jar: "%kernel.root_dir%/Resources/java/compiler.jar"
            #yui_css:
            #    jar: "%kernel.root_dir%/Resources/java/yuicompressor-2.4.7.jar"
            lessphp:
                file: %kernel.root_dir%/../vendor/leafo/lessphp/lessc.inc.php
                apply_to: "\.less$"

    # Doctrine Configuration
    doctrine:
        dbal:
            driver: "%database_driver%"
            host: "%database_host%"
            port: "%database_port%"
            dbname: "%database_name%"
            user: "%database_user%"
            password: "%database_password%"
            charset: UTF8
            # if using pdo_sqlite as your database driver, add the path in parameters.yml
            # e.g. database_path: "%kernel.root_dir%/data/data.db3"
            # path: "%database_path%"
        orm:
            auto_generate_proxy_classes: "%kernel.debug%"
            auto_mapping: true

    # Swiftmailer Configuration
    swiftmailer:
        transport: "%mailer_transport%"
        host: "%mailer_host%"
        username: "%mailer_user%"
        password: "%mailer_password%"
        spool: { type: memory }

    hwi_oauth:
        resource_owners:
            facebook:
                type: facebook
                client_id: xxx
                client_secret: xxx
            google:
                type: google
                client_id: xxx
                client_secret: xxx
            github:
                type: github
                client_id: xxx
                client_secret: xxx
        # name of the firewall in which this bundle is active, this setting MUST be set
        firewall_name: secured_area
        http_client:
            verify_peer: false

    services:
        my.oauth_aware.user_provider.service:
            class: HWI\Bundle\OAuthBundle\Security\Core\User\FOSUBUserProvider
            arguments:
                userManager: "@fos_user.user_manager"
                properties: ["pass properties as array"]

    fos_user:
        db_driver: orm # other valid values are 'mongodb', 'couchdb' and 'propel'
        firewall_name: main
        user_class: Acme\DemoBundle\Entity\User

    braincrafted_bootstrap:
        less_filter: lessphp

    http_client:
        verify_peer: false

Bad idea.
to connect my web with facebook...
Facebook uses DigiCert as its CA:

    $ openssl s_client -connect facebook.com:443
    CONNECTED(00000003)
    depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance CA-3
    verify error:num=20:unable to get local issuer certificate
    verify return:0
    ---
    Certificate chain
     0 s:/C=US/ST=CA/L=Menlo Park/O=Facebook, Inc./CN=*.facebook.com
       i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
     1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
       i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
    ---
    Server certificate
    ...

It would be much better if you fetched the CA file you needed and used it in your request. You can find the DigiCert High Assurance EV Root CA at DigiCert Root Certificates.
If you are not going to use PKIX properly, you might as well just use an anonymous protocol like Anonymous Diffie-Hellman (ADH) or Anonymous Elliptic Curve Diffie-Hellman (AECDH). It will save some bandwidth because the server won't need to send a certificate (since you're not verifying it).
Also see SSL certificate problem #368 on the HWIOAuthBundle GitHub.
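
The error 20 seen in the `openssl s_client` output above, and the fix of supplying the root CA file, reproduced offline as an added example (not part of the original answer). The three-certificate chain is constructed from throwaway test certificates, and `make_chain` and `verify_chain` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: every certificate here is a throwaway, constructed test cert.

make_chain() {  # $1 = work dir; builds root CA -> intermediate CA -> leaf
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$1/ca.cnf" \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
    for name in int leaf; do
        openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
            -subj "/CN=constructed-$name.example.test" \
            -keyout "$1/$name.key" -out "$1/$name.csr" 2>/dev/null
    done
    # The intermediate is a CA signed by the root; the leaf is signed by the intermediate.
    openssl x509 -req -in "$1/int.csr" -days 2 -set_serial 2 \
        -CA "$1/root.pem" -CAkey "$1/root.key" \
        -extfile "$1/ca.cnf" -extensions v3_ca -out "$1/int.pem" 2>/dev/null
    openssl x509 -req -in "$1/leaf.csr" -days 2 -set_serial 3 \
        -CA "$1/int.pem" -CAkey "$1/int.key" -out "$1/leaf.pem" 2>/dev/null
}

verify_chain() {  # $1 = work dir, $2 = optional file of trusted root CAs
    # The server supplies leaf + intermediate (-untrusted); the client must
    # already hold the root. Without $2, only the system trust store is used.
    if [ -n "${2:-}" ]; then
        openssl verify -CAfile "$2" -untrusted "$1/int.pem" "$1/leaf.pem" 2>&1
    else
        openssl verify -untrusted "$1/int.pem" "$1/leaf.pem" 2>&1
    fi
}

dir=$(mktemp -d)
trap 'rm -rf "$dir"' EXIT
make_chain "$dir"
echo "--- root CA not available to the client:"
verify_chain "$dir" || echo "(verification failed, as it should)"
echo "--- root CA supplied via -CAfile:"
verify_chain "$dir" "$dir/root.pem"
```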