Uncaught error when using createForHostname() on an expired certificate (due to verify_peer setting)

[madsnedergaard]

Hey guys.

I am experiencing this problem when calling createForHostName() on a domain, where the certificate is expired.
The error appears to be related to the verify_peer setting, as it works when I set it to false.

Can be reproduced with the following code:

$certificate = SslCertificate::createForHostName('expired.badssl.com');

I am able to get the certificate with the following workaround:

$certificate = SslCertificate::download()->withVerifyPeer(false)->forHost('expired.badssl.com');

Maybe I have just misunderstood something, but shouldn't it be work with createForHostName() by default - even though the certificate is expired? :)

I'd be happy to submit a pull request, but I'm not too strong in SSL and certificates and figured there might be a reason why you have defaulted to true.

Here's the full error dump and stack traces:

Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in APP/vendor/spatie/ssl-certificate/src/Downloader.php on line 161

Warning: stream_socket_client(): Failed to enable crypto in APP/vendor/spatie/ssl-certificate/src/Downloader.php on line 161

Warning: stream_socket_client(): unable to connect to ssl://expired.badssl.com:443 (Unknown error) in APP/vendor/spatie/ssl-certificate/src/Downloader.php on line 161

Fatal error: Uncaught Spatie\SslCertificate\Exceptions\CouldNotDownloadCertificate: Could not download certificate for host `expired.badssl.com` because Could not connect to `expired.badssl.com`. in APP/vendor/spatie/ssl-certificate/src/Exceptions/CouldNotDownloadCertificate.php:21 Stack trace: #0 APP/vendor/spatie/ssl-certificate/src/Downloader.php(168): Spatie\SslCertificate\Exceptions\CouldNotDownloadCertificate::unknownError('expired.badssl....', 'Could not conne...') #1 APP/vendor/spatie/ssl-certificate/src/Downloader.php(102): Spatie\SslCertificate\Downloader->fetchCertificates('expired.badssl....') #2 APP/vendor/spatie/ssl-certificate/src/Downloader.php(125): Spatie\SslCertificate\Downloader->getCertificates('expired.badssl....') #3 APP/vendor/spatie/ssl-certificate/src/Downloade in APP/vendor/spatie/ssl-certificate/src/Exceptions/CouldNotDownloadCertificate.php on line 21

[freekmurze]

It's indeed a bug, I'd accept a PR with tests that fixes this.

[spatie-bot]

Dear contributor,

because this issue seems to be inactive for quite some time now, I've automatically closed it. If you feel this issue deserves some attention from my human colleagues feel free to reopen it.

[bartdenhoed]

Can anyone fix this problem please?

[Touseef993]

same issue

[momon]

I have just started testing this and have encountered the same issue. The method in the original post does work for the time being but this is still a bug it seems.

[kwri-avongluck]

same issue here. The workaround seems to solve it