Google Oauth2 with Curl Native CA on Windows "cURL error 60"

jsartorisD127

Investigating options to restore retrieval of inbound email. Basic auth stopped working complaining about bad password. Password has been tested and working. Attempted to move to Oauth2 but having issues with configuring the account.

Receiving error "cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://oauth2.googleapis.com/token" after return from google workflow.

I found another post in 1.17 chain with this issue. This was resolved in that case by using a CACert.pem file. I'm currently running OSTicket 1.18.2 with PHP 8.4.5. Due to other project and performance issues I'm do not have the CACert.pem file configured in favor of using the "CURLSSLOPT_NATIVE_CA" options introduced with PHP 8.2 and Curl 7.71.

KevinTheJedi

jsartorisD127

I only know of the way that adds the missing CACert.pem file and updating your PHP INI to use the new file. Other than that you’d have to modify the codebase.

Cheers.

KevinTheJedi

jsartorisD127

You could accomplish this by modifying the plugin here:

https://github.com/osTicket/osTicket-plugins/blob/67a1450f2f79cec0524385de6ad35207369f32e4/auth-oauth2/config.php#L70

You can lookup Guzzle’s cert and verify options. Also, we don’t have any guides or anything unfortunately so you’d be on your own with this.

Cheers.

jsartorisD127

KevinTheJedi

Thanks for pointing me in the right direction. I'm still sorting out and testing the safer option.

For testing purposes to identify this as a useful location, I added a line to disable SSL verification. (Disclaimer, this is UNSAFE, do not do this in production)

This Verify parameter also accepts string values to which point to the full path to the CACert.pem bundle file.
https://docs.guzzlephp.org/en/latest/request-options.html#verify

<plugin folder>\lib\GuzzelHttp\Client.php

Approx line 230.

    private function configureDefaults(array $config): void
    {
        $defaults = [
            'allow_redirects' => RedirectMiddleware::$defaultSettings,
            'http_errors' => true,
            'decode_content' => true,
            'verify' => false,
            'cookies' => false,
            'idn_conversion' => false,
        ];