diff --git a/DOC/READNE.ssl-connection-error b/DOC/READNE.ssl-connection-error
new file mode 100644
index 0000000..7ed3ad6
--- /dev/null
+++ b/DOC/READNE.ssl-connection-error
@@ -0,0 +1,121 @@
+# ----------
+# see also:
+# https://github.com/lazyfrosch/docker-icingaweb2/issues/1
+# https://stackoverflow.com/questions/31842400/ssl-issue-after-pear-channel-update-pear-php-net/46544219#46544219
+#
+# possible errors
+#
+# - download of pgp source code failed
+# in tha case try to add certificate to ca-certificates file
+#
+# - pecl runs into error "Connection to `ssl://pecl.php.net:443' failed:"
+# - pear runs into error "Connection to `ssl://pear.php.net:443' failed:"
+# in that cases try to add certificate to 'default_cert_file' ..
+#
+# ----------
+
+cert_URL="https://curl.haxx.se/ca/cacert.pem"
+cert_name="$(basename "https://curl.haxx.se/ca/cacert.pem")"
+cert_name_crt="${cert_name%.*}.crt"
+
+
+# ===
+# Add certificate to default certification file (default_cert_file)
+# --
+
+# RUN php -r "print_r(openssl_get_cert_locations());"
+#
+# This will output dfefault ssl certificate locations
+#
+# Array
+# (
+# [default_cert_file] => /usr/lib/ssl/cert.pem
+# [default_cert_file_env] => SSL_CERT_FILE
+# [default_cert_dir] => /usr/lib/ssl/certs
+# [default_cert_dir_env] => SSL_CERT_DIR
+# [default_private_dir] => /usr/lib/ssl/private
+# [default_default_cert_area] => /usr/lib/ssl
+# [ini_cafile] =>
+# [ini_capath] =>
+# )
+PHP=/usr/local/php-8.1/bin/php
+_default_cert_file="$($PHP -r "print_r(openssl_get_cert_locations());" | grep -E "\[default_cert_file\]" | awk '{print$3}')"
+
+wget --no-check-certificate -O ${_default_cert_file} "${cert_URL}"
+
+
+# ===
+# add certificate to ca-certificates file
+# ===
+
+_path_to_openssl_dir="$(openssl version -d | awk '{print$2}')"
+_path_to_openssl_dir=${_path_to_openssl_dir#\"}
+_path_to_openssl_dir=${_path_to_openssl_dir%\"}
+_path_to_openssl_dir="$(realpath "${_path_to_openssl_dir}")"
+
+_default_cert_dir="$(realpath "${_path_to_openssl_dir}/certs")"
+
+if [[ -d "/usr/local/share/ca-certificates/" ]] ; then
+ wget --no-check-certificate -O "/usr/local/share/ca-certificates/${cert_name_crt}" "${cert_URL}"
+fi
+
+update-ca-certificates
+c_rehash "${_default_cert_dir}"
+
+
+
+# =====
+# Find the path to the trusted certificates and add certificate there
+# =====
+
+# ---
+# using PHP
+# ---
+#
+# RUN php -r "print_r(openssl_get_cert_locations());"
+#
+# This will output dfefault ssl certificate locations
+#
+# Array
+# (
+# [default_cert_file] => /usr/lib/ssl/cert.pem
+# [default_cert_file_env] => SSL_CERT_FILE
+# [default_cert_dir] => /usr/lib/ssl/certs
+# [default_cert_dir_env] => SSL_CERT_DIR
+# [default_private_dir] => /usr/lib/ssl/private
+# [default_default_cert_area] => /usr/lib/ssl
+# [ini_cafile] =>
+# [ini_capath] =>
+# )
+#
+PHP=/usr/local/php-8.1/bin/php
+$PHP -r "print_r(openssl_get_cert_locations());"
+#
+_default_cert_dir="$($PHP -r "print_r(openssl_get_cert_locations());" | grep -E "\[default_cert_dir\]" | awk '{print$3}')"
+_default_cert_dir="$(realpath "${_default_cert_dir}")"
+
+# ---
+# using openssl directly
+# ---
+_path_to_openssl_dir="$(openssl version -d | awk '{print$2}')"
+_path_to_openssl_dir=${_path_to_openssl_dir#\"}
+_path_to_openssl_dir=${_path_to_openssl_dir%\"}
+_path_to_openssl_dir="$(realpath "${_path_to_openssl_dir}")"
+
+
+if [[ ! -d "${_path_to_openssl_dir}/certs" ]] ; then
+ mkdir "${_path_to_openssl_dir}/certs"
+fi
+_default_cert_dir="$(realpath "${_path_to_openssl_dir}/certs")"
+
+
+# ---
+# Download certificate and save it into directory '${_default_cert_dir}'
+# ---
+
+
+wget --no-check-certificate -P "${_default_cert_dir}" "${cert_URL}"
+
+chmod 644 "${_default_cert_dir}/${cert_name}"
+c_rehash "${_default_cert_dir}"
+
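Review bot: All three `wget` calls (the `-O ${_default_cert_file}` one, the one writing into `/usr/local/share/ca-certificates/`, and the final `-P "${_default_cert_dir}"` one) fetch the CA bundle with `--no-check-certificate`, so the file that becomes the host's trust root is itself downloaded without authentication. Anyone on the network path can substitute a bundle containing their own CA, after which every later TLS verification on the host trusts them. The bundle should be downloaded to a temporary file, checked against a SHA-256 obtained out of band (or copied from a host whose trust store still works), and only then installed. The first call also leaves `${_default_cert_file}` unquoted and writes straight over the live file with `-O`, so an empty grep result or an interrupted transfer leaves a misplaced or truncated bundle. A guard plus a checked install, sketched below for the first call, covers both, and the same pattern fits the other two.

```shell
# … unchanged: PHP lookup of _default_cert_file …
: "${_default_cert_file:?could not determine default_cert_file}"

_tmp_bundle="$(mktemp)"
# If the local trust store cannot verify this download, copy the bundle
# from a host that can, rather than disabling verification.
wget -O "${_tmp_bundle}" "${cert_URL}"

# <EXPECTED_SHA256> is a placeholder: use the checksum obtained out of band.
printf '%s  %s\n' "<EXPECTED_SHA256>" "${_tmp_bundle}" | sha256sum -c -

install -m 644 -- "${_tmp_bundle}" "${_default_cert_file}"
rm -f -- "${_tmp_bundle}"
```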