Issue
I know this has been asked on SO before but I think my situation is a little bit different:
When I'm trying to use curl inside PHP I receive the following error when trying to interact with Apple's push notification service (https://api.push.apple.com/3/device/):
Curl failed: NSS: client certificate not found (nickname not specified)
This is due to the fact that on CentOS, PHP is built with a curl that uses NSS instead of OpenSSL.
What I tried so far:
- Recompiling curl (worked! Binary is able to perform the call, but PHP is not)
- Recompiling PHP (didn't work, as it requires curl-devel to be installed, which might link to NSS again)
So my next approach is to fix this NSS problem, but it turns out NSS is a very bad piece of software, as just a simple rename of an imported Let's Encrypt certificate doesn't work...
Could someone please explain to me how I could fix this? I already tried importing a Let's Encrypt certificate into the NSS database stored in /etc/pki/nssdb, that worked - but unfortunately the certificate is not recognized in PHP, even if I provide its nickname in CURLOPT_SSLCERT => 'nickname'.
Maybe this is because it has special characters inside its nickname which I cannot change as NSS fails to rename (lol).
When I directly try to provide certificates in php using
CURLOPT_SSLCERT => $certFile,
CURLOPT_SSLKEY => $keyFile,
CURLOPT_CAINFO => $caCertFile
I get:
Curl failed: Peer's Certificate issuer is not recognized.
I also turned off peer verification by
CURLOPT_SSL_VERIFYPEER => FALSE
ending in
Curl failed: security library failure
Is there anybody out there who could teach me how to fix it or how to build PHP on CentOS with built-in curl using OpenSSL?
BR,
Solution
Finally I got this working, here is what I did:
- Recompiled curl with openssl and put the libcurl.so.4 in a new folder /home/mylibs/
- Copied all libs from /usr/lib to /home/mylibs/ while not replacing my libcurl.so.4
- Located the system's php-cgi binary, renamed it to php-cgi-real
- Created a blank file php-cgi
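#!/bin/bash
# Load the OpenSSL-linked libcurl ahead of the system (NSS) one
export LD_PRELOAD=/home/mylibs/libcurl.so.4
# Hand over to the renamed original binary, passing all arguments through
exec php-cgi-real "$@"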
- Restarted the service
- Done!
Answered By - fogbreaker
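A post-change check for the wrapper described in the answer above, added here as an example (not code from the original post). It confirms from the `ssl_version` string of PHP's `curl_version()` that libcurl now uses OpenSSL, and that the preloaded library and its directory are not writable by group or others, since anything written there is loaded into every php-cgi process. The function names and the sample version strings are assumptions constructed for this example.

```shell
#!/bin/bash
# Added example: verify an LD_PRELOAD libcurl swap. Function names are hypothetical.

# Classify the TLS backend from the 'ssl_version' value of PHP's curl_version(),
# e.g. "NSS/3.44" or "OpenSSL/1.0.2k-fips" (constructed sample strings).
tls_backend() {
    case "$1" in
        NSS/*)     echo nss ;;
        OpenSSL/*) echo openssl ;;
        "")        echo none ;;
        *)         echo other ;;
    esac
}

# Return 0 only if the preloaded library is a regular file (not a symlink)
# and neither it nor its directory is group- or world-writable.
# Only mode bits are checked; ownership (ideally root) is not checked here.
preload_is_safe() {
    lib=$1
    dir=$(dirname "$lib")
    [ -f "$lib" ] && [ ! -L "$lib" ] || return 1
    for p in "$lib" "$dir"; do
        # find prints the path only when one of the write bits is set
        [ -z "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ] || return 1
    done
    return 0
}

# Combined check: $1 = ssl_version string, $2 = path given to LD_PRELOAD.
verify_wrapper() {
    backend=$(tls_backend "$1")
    if [ "$backend" != openssl ]; then
        echo "backend is still $backend"
        return 1
    fi
    if ! preload_is_safe "$2"; then
        echo "$2 or its directory is writable by group/others, or is a symlink"
        return 1
    fi
    echo ok
}
```

Run `verify_wrapper` with the string PHP reports when started through the wrapper and with the path the wrapper exports in `LD_PRELOAD`.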