Unable to enable crypto on TCP connection

[pensiero]

When i try to return some YOutube videos of a specific user with:

$yt = new \ZendGData\YouTube();
$yt->getuserUploads('usernameYoutube');

i receive this error: Unable to enable crypto on TCP connection gdata.youtube.com: make sure the "sslcapath" option points to a valid SSL certificate directory

What do i have to do? Is't a bug? I saw this:
http://framework.zend.com/issues/browse/ZF2-490

but i don't understand what i have to edit... i tested the system on debian and mac and i return the same error...

[pensiero]

Anybody? It is very important...

[ezimuel]

This is an issue coming from OpenSSL and the certificates installed in your environment. If you cannot install the SSL certificate of gdata on your machine I suggest to try to set the sslverifypeer to false.
You can do that using this code before the getuserUploads() call:
$yt->getHttpClient()->setOptions(array('sslverifypeer' => false));

[memphys]

Experiencing same problem right now with \ZendGData\Spreadsheets in production. Setting an option didn't help. Still got this:

Unable to enable crypto on TCP connection www.google.com: make sure the "sslcapath" option points to a valid SSL certificate directory

But everything is fine locally.

[weierophinney]

This is an issue with how your http adapter is configured. Use the curl
adapter, or make sure the sslcapath is set to a valid location.

On Tuesday, November 6, 2012, Roman Lapin wrote:

Experiencing same problem right now with \ZendGData\Spreadsheets in
production. Setting an option didn't help. Still got this:

Unable to enable crypto on TCP connection www.google.com: make sure the
"sslcapath" option points to a valid SSL certificate directory

But everything is fine locally.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/7#issuecomment-10122206.

Matthew Weier O'Phinney
matthew@weierophinney.net
http://mwop.net/

[memphys]

@weierophinney many thanks! Using curl adapter helped.

[pensiero]

Can someone explain how to use the curl adapter or edit sslcapath to a valid location?

[memphys]

@gamempire I did it this way for Spreadsheets:

        $service = \ZendGData\Spreadsheets::AUTH_SERVICE_NAME;
        $adapter = new \Zend\Http\Client\Adapter\Curl();
        $httpClient = new \ZendGData\HttpClient();
        $httpClient->setAdapter($adapter);
        $client = \ZendGData\ClientLogin::getHttpClient($login, $password, $service, $httpClient);

I believe there are alternative ways, but that one worked for me.

[FabianKoestring]

When i do so i get the following exception.

Error in cURL request: SSL certificate problem, verify that the CA cert is OK.
Details error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Anybody got it work?

[FabianKoestring]

The only thing that worked for me is to set the VERIFYHOST and VERIFYPEER options like this.

$service = \ZendGData\Analytics::AUTH_SERVICE_NAME;
$adapter = new \Zend\Http\Client\Adapter\Curl();
$adapter = $adapter->setCurlOption(CURLOPT_SSL_VERIFYHOST,false);
$adapter = $adapter->setCurlOption(CURLOPT_SSL_VERIFYPEER,false);
$httpClient = new \ZendGData\HttpClient();
$httpClient->setAdapter($adapter);  
$client = \ZendGData\ClientLogin::getHttpClient("***", "***", $service, $httpClient);

[tineo]

@weierophinney many thanks! Using curl adapter helped.

[icywolfy]

I'm running into the same issue, (Centos 6; Ubuntu) where I'm setting the sslcapath option to '/etc/ssl/certs' or 'etc/pki/tls/certs' and just get the "error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed" error.

@FabianKoestring
The correct answer is to set the context option
cafile`` to *'/etc/ssl/certs/ca-bundle.crt'* (or certificate-bundle.crt as the case may be, do alocate crt``` (cert, pem, etc) on your system and find out where your certificates are. If it's just one file, you need to use a workaround.

More details here:
zendframework/zendframework#5870