Just a followup while fixing this issue on a fastcgi box.
I believe the correct variable for the cacert is not the "default_cert_file", but instead the "ini_cafile" value, e.g.:
Code:
php -r 'print_r(openssl_get_cert_locations());' | grep '\[ini_cafile\]' | awk '{print $3}'
/etc/ssl/certs/cert.pem
or "openssl.cafile" in the phpinfo() output.
And for this case, the solution was to add the cacert of the remote server to the local certs/cert.pem file. It just happened to have a local copy too because it was a wildcard, so I simply ran:
Code:
cat /etc/httpd/conf/ssl.crt/server.ca >> /etc/ssl/certs/cert.pem
The local server.ca matched the remote server.ca, hence this worked for me. If your remote server's ca bundle only exists remotely, then just grab it, and dump it to the end of the /etc/ssl/certs/cert.pem file, so the local box recognizes the remote cert when it's connected to.
Hope this helps someone else!
I had to edit the httpsocket.php class and remove the @ character in front of the @fsockopen call in order to see the above errors, which directed me here.
More googling mentioned copying the remote ca to the local certs.
John
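Added example, not part of the post above: a plain `cat >>` duplicates the CA if it is run twice, and fuses the END/BEGIN marker lines if the bundle does not end in a newline. This sketch appends only when the certificate is missing and keeps a backup; the function names `pem_bodies` and `add_ca_to_bundle` are hypothetical, and it assumes the CA file has already been confirmed as the right one.

```shell
#!/bin/sh
# Added example: idempotent append of a CA certificate to a PEM bundle.
# Function names are hypothetical; paths are supplied by the caller.

# Print each certificate in a PEM file as one line of base64,
# so a re-wrapped copy of the same certificate still compares equal.
pem_bodies() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
        /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# add_ca_to_bundle CA_FILE BUNDLE
# Returns 0 if appended, 1 if already present (bundle untouched), 2 on error.
add_ca_to_bundle() {
    ca=$1; bundle=$2
    [ -r "$ca" ] && [ -w "$bundle" ] || return 2
    new=$(pem_bodies "$ca")
    [ -n "$new" ] || return 2            # CA_FILE holds no certificate block
    have=$(pem_bodies "$bundle")
    missing=0
    for b in $new; do                    # base64 has no spaces or glob characters
        printf '%s\n' "$have" | grep -qxF -e "$b" || missing=1
    done
    [ "$missing" -eq 1 ] || return 1     # every certificate is already trusted
    cp -p "$bundle" "$bundle.bak" || return 2
    # Without a trailing newline the END and BEGIN marker lines would be fused.
    if [ -s "$bundle" ] && [ "$(tail -c 1 "$bundle" | wc -l)" -eq 0 ]; then
        printf '\n' >> "$bundle"
    fi
    cat "$ca" >> "$bundle"
}

# Usage with the paths from the post:
# add_ca_to_bundle /etc/httpd/conf/ssl.crt/server.ca /etc/ssl/certs/cert.pem
```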