CentOS 6.10 and the recently rotten DST Root CA X3 - dancing with a tambourine, but are there any options?

S

smart852021-10-08 01:15:38

PHP

smart85, 2021-10-08 01:15:38

Colleagues, welcome!
It so happened historically that several wheelbarrows are working under CentOS 6.10 + php + php-fpm There is no way
to update the whole trouble yet, and it's not a fact that it will be.
Since September 30, I have been catching problems with SSL - error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
All because of a rotten DST Root CA X3
2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
i :/O=Digital Signature Trust Co./CN=DST Root CA X3

Built OpenSSL 1.0.2k on Jan 26, 2017, removed i:/O=Digital Signature Trust Co./CN=DST Root CA X3 and actually in the context of openssl handshake succeeded, but this is only for openssl. And I need to eat it out of puff, and puff, which is not surprising, sees the old openssl:
php -i | grep OpenSSL
OpenSSL support => enabled
OpenSSL Library Version => OpenSSL 1.0.1e-fips 11 Feb 2013 OpenSSL Header Version => OpenSSL 1.0.1e
-fips 11 Feb 2013
Native OpenSSL support => enabled

?

Thank you for your attention to my question.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

SagePtr, 2021-10-09
@SagePtr

In puff, you can set the path to the ca bundle for the openssl and curl functions through php.ini.
Take the required ca bundle from the curl website .