TOP

gitとcomposerで自己証明書のエラー対処

2016-05-17 16:53:23

自己証明書でSSLしたオレオレgitリポジトリサーバ(以下、オレオレ)と通信する場合のエラー対処

オレオレから、git clone

$ git clone https://example.com/repos.git
Cloning into 'repos'...
fatal: unable to access 'https://example.com/repos.git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

自己証明書を持って来て.gitconfigでPATHを指定する

$ vim ~/.gitconfig

[http]
    sslCAInfo = /path/to/shomeisho.crt  ※証明書のPATH

オレオレから、composer install

オレオレにSatisを入れてそこからパッケージを引っ張ってくる場合

$ cat composer.json
{
    "name": "example.com/web",
    "description": "web example.",
    "homepage": "http://example.com",
    "authors": [
        {
            "name": "John Smith",
            "email": "john@example.com"
        }
    ],
    "repositories": [
        {
            "url": "https://example.com/satis/",
            "type": "composer"
        },
        {"packagist": false}
    ],
    "require": {
        "web/package1":"dev-master",
        "web/package2":"dev-master"
    }
}

$ php composer.phar install
Loading composer repositories with package information
The "https://example.com/satis/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed
https://example.com/satis could not be fully loaded, package information was loaded from the local cache and may be out of date
Installing dependencies (including require-dev)
  - Installing web/package1 (dev-master 0364a7a)
    Cloning 0364a7a030b9a178bf231ec409a2b938b708b536

  [RuntimeException]
  Failed to execute git clone --no-checkout 'https://example.com/web/package1.git' '/var/tmp/composer-test/vendor/web/package1' && cd '/var/tmp/composer-test/vendor/web/package1' && git remote add composer 'https://example.com/web/package1.git' && git fetch composer

  Cloning into '/var/tmp/composer-test/vendor/web/package1'...
  fatal: unable to access 'https://example.com/web/package1.git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

install [--prefer-source] [--prefer-dist] [--dry-run] [--dev] [--no-dev] [--no-plugins] [--no-custom-installers] [--no-scripts] [--no-progress] [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] [packages1] ... [packagesN]

オレオレ側ではなく、クライアント側のphp.iniに以下を追記

curl.cainfo=/path/to/shomeisho.crt  ※証明書のPATH
openssl.cafile=/path/to/shomeisho.crt   ※証明書のPATH