Search code examples
phpapachecurlzend-frameworkphp-openssl

Can certificate store be placed in application.ini instead of php.ini

I am working on Zend-Framework 1.12 and had to make an https request from the application. I did it by the following way:

$client = new Zend_Http_Client($url);
$client->setAdapter($adaptor);
$client->setConfig(array('keepalive' => true));
$reCaptchaData = json_encode(array());
$client->setRawData($reCaptchaData, 'application/json');
$response = $client->request('POST');

I was getting errors like:

Error in cURL request: SSL certificate problem: unable to get local issuer certificate

Found that I had to add the CA certificates, I downloaded one and added its path to my php.ini.

curl.cainfo="path"
openssl.cafile="path"

It works fine.

  1. But can't I add this to my application.ini? When I try it there it doesn't work.
  2. Does application.ini work as an extension of php.ini? But can't load modules or certificates, because that this done by Apache on a restart? Apache reads the php.ini on a restart and loads everything (I have the path for my php.ini in httpd.conf)?
Solution

  • According to PHP's manual (http://php.net/manual/en/openssl.configuration.php), openssl.cafile is PHP_INI_PERDIR changeable.

    That means, if you read http://php.net/manual/en/configuration.changes.modes.php, that you cannot change it at a script level:

    PHP_INI_PERDIR Entry can be set in php.ini, .htaccess, httpd.conf or .user.ini (since PHP 5.3)

    So, no, you won't be able to set those 2 settings in Zend's application.ini, but you could do it in a .htaccess file via:

    php_value curl.cainfo "path"
php_value openssl.cafile "path"

    Keep in mind this will only work if PHP is loaded as an Apache module.

    If you use PHP-FPM, you'll need to create a specific pool and alter the values there. It's a bit more complicated in this case, and only doable if you have access to the server's config.

    application.ini is not an extension of php.ini as it's got its own syntax, like the phpSettings. prefix.

    What you could also look for is .user.ini as documented here: http://php.net/manual/en/configuration.file.per-user.php

    In order for this to work, you'll need to set a value for user_ini.filename in php.ini, and of course an additional user ini file (you can't use application.ini as a .user.ini file).