I have a
board which features a 'Sign in with Google+' button and it has suddenly stopped working since somewhere around May 27. It now produces this error:
HTTP Error: (0) error setting certificate verify locations:
CAfile: /etc/pki/tls/certs/ca-bundle.
crt
CApath: none
This may be around the time I updated from MyBB 1.8.3 to 1.8.4, but I'm pretty sure I updated the board software
after it started producing this error. Furthermore, I have downgraded back to 1.8.3 and it is still not working.
Another web developer is experiencing the same issue recently with unrelated software, but using the same web host:
https://wordpress.org/support/topic/rand...-reconnect
I am with Net Virtue and have contacted them about it, but they have not changed anything recently and believe it is more likely caused by a change on Google's side, seeing other web hosts such as GoDaddy have the same issue. I tried to contact Google, but it seems all their support is community-driven.
I've tried all sort of things to fix this, even modifying the code myself. No luck. Any suggestions are appreciated.
It seems that the certificate included in the package is not where it should be. Reupload the plugin and try again. Next time please report it in the plugin's thread so I can see this quicker.
There is no certificate included with the plugin as far as I can tell.
Also, I have already tried re-uploading the plugin and reinstalling it.
I have also tried reverting my databases to a much earlier date.
I have tried manually creating a ca-bundle file through SSH, but it is probably invalid because I just copied the main SSL certificate and don't know how to compile a proper ca-bundle. I have also tried fixing the ca-bundle permissions.
I don't even know why it's trying to read ca-bundle - it was working for months with no ca-bundle present.
The error seems to be occurring somewhere during the authentication in Google's API files - specifically Google_OAuth2.php.
I tried updating to the newest version of Google's PHP API, still with no success.
I have tested the plugin and it is working, so it's definitely a problem limited to your board/server. The certificate is included in the package under the following location:
/mygpconnect/src/io/cacerts.pem. However this seems like a cURL misconfiguration error: your certs folder might have the wrong permissions thus the plugin is unable to read them. Contact your host asking to fix the certificate folder by running the SSH command:
/bin/chmod 755 /etc/pki/tls/certs
Well, I feel like I am heading in the right direction now at least.
I SSH'd in and copied cacerts.pem to /etc/pki/tls/certs and fixed the permissions.
It's still presenting the error, but at least I know I have the correct file there. Thanks for your help so far.
You don't need to copy the certificates there: they must be present in the folder /mygpconnect/src/io.
Yes, the certificate is present in that folder and always has been. Right now I'm experimenting with modifying the code which reads cacerts.pem, I still haven't been able to quite pinpoint where in the code this error is occurring.
Edit: Looks like it doesn't involve cacerts.pem, I completely removed any references to it and the same exception is still being thrown.
Edit 2: I found where the error is being thrown from - line 245 of Google_CurlIO.php
Well, the first error is gone! I modified line 305 of Google_HttpRequest.php to:
return 'http://origami64.net/mygpconnect/src/io/cacerts.pem';
This forces it to read the certificate from here instead of etc/pki/tls/certs/ca-bundle.crt.
Now it's throwing a different error, which also seems to stem from Google_HttpRequest.php:
Could not json decode the token
This error is being thrown because token is null.
Maybe I could use a similar trick to fix this error? The only trouble is, I don't know what string token is supposed to be. Any ideas?
Oh wow, it works! What a relief, I've been racking my brain for days!
It had me very concerned, seeing a large portion of my board's users are linked to Google+.
In the end, I fixed it with a small change to Google_CurlIO.php.
I removed the if statement at line 219 so it is always forced to read from the local certificates.