carrion carrion - 1 month ago 5
PHP Question

Curl failed with response: 'unable to get local issuer certificate' on mailwizz

Ive been trying to develop a payment gateway on mailwizz for a payment platform for my country and all was working....it all worked until i was trying to verify transaction using the payment gateway's class then i got that error...heres where i think the problem comes from in the payment gateway's class

private function callViaCurl($interface, $payload = [ ], $sentargs = [ ])
{


$endpoint = PaystackHelpersRouter::PAYSTACK_API_ROOT . $interface[PaystackContractsRouteInterface::ENDPOINT_KEY];
$method = $interface[PaystackContractsRouteInterface::METHOD_KEY];

$this->moveArgsToSentargs($interface, $payload, $sentargs);
$this->putArgsIntoEndpoint($endpoint, $sentargs);

$headers = ["Authorization"=>"Bearer " . $this->secret_key ];
$body = '';
if (($method === PaystackContractsRouteInterface::POST_METHOD)
|| ($method === PaystackContractsRouteInterface::PUT_METHOD)
) {
$headers["Content-Type"] = "application/json";
$body = json_encode($payload);
} elseif ($method === PaystackContractsRouteInterface::GET_METHOD) {
$endpoint = $endpoint . '?' . http_build_query($payload);
}

//open connection

$ch = curl_init();
// set url
curl_setopt($ch, CURLOPT_URL, $endpoint);

if ($method === PaystackContractsRouteInterface::POST_METHOD || $method === PaystackContractsRouteInterface::PUT_METHOD) {
($method === PaystackContractsRouteInterface:: POST_METHOD) && curl_setopt($ch, CURLOPT_POST, true);
($method === PaystackContractsRouteInterface ::PUT_METHOD) && curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT");

curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}
//flatten the headers
$flattened_headers = [];
while (list($key, $value) = each($headers)) {
$flattened_headers[] = $key . ": " . $value;
}
curl_setopt($ch, CURLOPT_HTTPHEADER, $flattened_headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

// Make sure CURL_SSLVERSION_TLSv1_2 is defined as 6
// Curl must be able to use TLSv1.2 to connect
// to Paystack servers

if (!defined('CURL_SSLVERSION_TLSV1_2')) {
define('CURL_SSLVERSION_TLSV1_2', 6);
}
curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSV1_2);

$response = curl_exec($ch);

if (curl_errno($ch)) { // should be 0
// curl ended with an error
$cerr = curl_error($ch);
curl_close($ch);
throw new Exception("Curl failed with response: '" . $cerr . "'.");
}

// Then, after your curl_exec call:
$resp = json_decode($response);
//close connection
curl_close($ch);

if (!$resp->status) {
throw new Exception("Paystack Request failed with response: '" . $resp->message . "'.");
}

return $resp;


}

Answer

This occurs when cURL tries to establish an encrypted connection but doesn't have a local certificate store necessary to determine which certs can be trusted.

There are two options:

1 Add a setting to let cURL know where to find the local certificate store:

curl_setopt($ch, CURLOPT_CAINFO, '/path/to/cacert.pem');

2 Or set the CAINFO within php.ini so that all cURL operations will use the same certificate file, without the need to set that option every time:

php.ini

[curl]
; A default value for CURLOPT_CAINFO option. Must be an absolute path.
curl.cainfo = "/path/to/cacert.pem"

I used this pem file, which I believe is a mirror of Firefox's internal certificate store. Also see this answer

Comments