Open ID for google, errors out

Hi, My call to Google OpenID authentication errors out, with the following error
CURL error (60): SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


Note that this works from my local host, though no CURL module is installed on my PHP. However CURL is installed on my server.

The error happens irrespective of whether I add code to call to

Code:

---

$ch = curl_init();
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false);
$output = curl_exec($ch);

---

Can some one help

cURL is not installed on your local system, yet you're using this code (that uses cURL) and it works? ...

anyway, you never actually make a request with cURL in the code you posted. if you come back and say, "I took that out when posting," then I'm going to go ahead and say now that no one can help you fix your problem if they don't know what you're doing.

The issue is not with local system. when there is no CURL on local, there is no need to disable it anyway, so the CURL code i put earlier is not used locally. The openid works from local, thus.

Now coming to server, where CURL is enabled, I tried with and with out the CURL disabling code, yet, I get the same error. I even tried to create a self signed certificate and uploaded to Google accounts where the site is registered, but in vain

Thanks
Vijay S

I use the classes by Jan Rain http://www.openidenabled.com/php-openid/

Code:

---

$store=new Auth_OpenID_FileStore("./sessfiles");
$aconsumer=new Auth_OpenID_Consumer($store);
        $authreq=$aconsumer->begin("http://www.google.com/accounts/o8/id")

---

You're really not providing enough clear information for anyone to help you. Post your code (all of it), explain what it should be doing by your estimation, and point out where the error is occurring (if you know).

Sure, I have no issues in giving my full page. However experts in openid can easily recognize those lines I pasted.
Here is my code . Now don't ask me :D where are the Consumer.php and Filestore.php.. They are a part of the openid classes by Jan Rain, the link of which I provided earlier. They are huge number of classes to tag here.. :)

The line "$authreq=$aconsumer->begin("https://www.google.com/accounts/o8/id");" works well in local, where as errors out on server, the error message I pasted in my first post.

This method is expected to return an object of the type AuthReq which is of the XML format.

Code:

---

<?php
require_once "Auth/OpenID/Consumer.php";
require_once "Auth/OpenID/FileStore.php";
session_start();
$ch = curl_init();
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false);
$output = curl_exec($ch);
 echo $output;
if($_POST['submitted']=='1' && !empty($_POST['email']))
{
echo "Email is :".$_POST['email']."<BR>";
$store=new Auth_OpenID_FileStore("./sessfiles");
$aconsumer=new Auth_OpenID_Consumer($store);
$authreq=$aconsumer->begin("https://www.google.com/accounts/o8/id");
echo "Successful";
}
else
{
  echo "nothing submitted<BR>";
}

?>
<form method="post" action="openidexample.php">
<input type=hidden value='1' name="submitted">
<input type=text name="email" >
<button>Submit</button>
</form>

---

Okay, I think I understand your problem now. All of this...

Code:

---

$ch = curl_init();
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false);
$output = curl_exec($ch);
echo $output;

---

...appears to be meaningless. Using "curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false)" is affecting the curl connection defined by $ch, not the one that's actually being used by the OpenID library when you call $aconsumer->begin(). You can either try to modify the library script yourself (the code for this appears to be in Auth/Yadis/ParanoidHTTPFetcher.php), or fix your cert problem (recommended). I don't know exactly how to do that. Some Googling suggests checking that curl's path to the cert is correct, and ensuring that you have proper access rights to the folder where the cert is stored.