You are here

Home » API reference » Lockr 7.3 » functions.php

function default_ca_bundle in Lockr 7.3

Returns the default cacert bundle for the current system.

First, the openssl.cafile and curl.cainfo php.ini settings are checked. If those settings are not configured, then the common locations for bundles found on Red Hat, CentOS, Fedora, Ubuntu, Debian, FreeBSD, OS X and Windows are checked. If any of these file locations are found on disk, they will be utilized.

Note: the result of this function is cached for subsequent calls.

Return value

string

Throws

\RuntimeException if no bundle can be found.

File

vendor/guzzlehttp/guzzle/src/functions.php, line 160

Namespace

GuzzleHttp

Code

function default_ca_bundle() {
  static $cached = null;
  static $cafiles = [
    // Red Hat, CentOS, Fedora (provided by the ca-certificates package)
    '/etc/pki/tls/certs/ca-bundle.crt',
    // Ubuntu, Debian (provided by the ca-certificates package)
    '/etc/ssl/certs/ca-certificates.crt',
    // FreeBSD (provided by the ca_root_nss package)
    '/usr/local/share/certs/ca-root-nss.crt',
    // SLES 12 (provided by the ca-certificates package)
    '/var/lib/ca-certificates/ca-bundle.pem',
    // OS X provided by homebrew (using the default path)
    '/usr/local/etc/openssl/cert.pem',
    // Google app engine
    '/etc/ca-certificates.crt',
    // Windows?
    'C:\\windows\\system32\\curl-ca-bundle.crt',
    'C:\\windows\\curl-ca-bundle.crt',
  ];
  if ($cached) {
    return $cached;
  }
  if ($ca = ini_get('openssl.cafile')) {
    return $cached = $ca;
  }
  if ($ca = ini_get('curl.cainfo')) {
    return $cached = $ca;
  }
  foreach ($cafiles as $filename) {
    if (file_exists($filename)) {
      return $cached = $filename;
    }
  }
  throw new \RuntimeException(<<<EOT
No system CA bundle could be found in any of the the common system locations.
PHP versions earlier than 5.6 are not properly configured to use the system's
CA bundle by default. In order to verify peer certificates, you will need to
supply the path on disk to a certificate bundle to the 'verify' request
option: http://docs.guzzlephp.org/en/latest/clients.html#verify. If you do not
need a specific certificate bundle, then Mozilla provides a commonly used CA
bundle which can be downloaded here (provided by the maintainer of cURL):
https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt. Once
you have a CA bundle available on disk, you can set the 'openssl.cafile' PHP
ini setting to point to the path to the file, allowing you to omit the 'verify'
request option. See http://curl.haxx.se/docs/sslcerts.html for more
information.
EOT
);
}