Security Upgrade Breaks Composer

While setting up a fresh Symfony installation, I discovered my composer was broken.

When I ran this.

composer update

I got this.

The "https://packagist.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed
https://packagist.org could not be fully loaded, package information was loaded from the local cache and may be out of date

I’m running the development version of composer, so I ran this to see if a self update would help.

composer self-update

But I got this instead.

[Composer\Downloader\TransportException]
  The "https://getcomposer.org/version" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
  error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
  Failed to enable crypto
  failed to open stream: operation failed

I’ve been messing around with my LAMP stack, so I don’t know if I introduced this issue or if something recently changed with packagist or composer, but here’s the fix.

Run this.

wget http://curl.haxx.se/ca/cacert.pem

Then run this.

curl -sS https://getcomposer.org/installer | php -- --cafile=cacert.pem

I store my composer.phar in /usr/local/bin, so I moved it there.

Now it works again.
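
The wget step above fetches the CA bundle over plain HTTP, so nothing authenticates the file that Composer then uses as its trust anchor. As an added example (not part of the original post or of Composer), this shell function vets a downloaded bundle before it is passed to --cafile; the function names are hypothetical, and it assumes the expected SHA-256 digest was obtained over a channel you already trust.

```shell
#!/bin/sh
# Added example: vet a downloaded CA bundle before passing it to --cafile.
# Assumption: EXPECTED_SHA256 was obtained over a channel you already trust.
# check_ca_bundle FILE EXPECTED_SHA256
#   0 = OK, 1 = digest mismatch, 2 = not a clean PEM certificate bundle,
#   3 = unreadable file, missing argument, or no SHA-256 tool available.

# Print the lowercase hex SHA-256 of a file (GNU coreutils or macOS/Perl shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        return 1
    fi
}

check_ca_bundle() {
    file=$1
    expected=$2
    [ -f "$file" ] && [ -r "$file" ] && [ -n "$expected" ] || return 3

    # Structure first: an HTML error page or a truncated download fails here.
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----' "$file" || true)
    ends=$(grep -c '^-----END CERTIFICATE-----' "$file" || true)
    [ "$begins" -gt 0 ] && [ "$begins" -eq "$ends" ] || return 2
    # A trust store holds public certificates only; key material is a red flag.
    if grep -q 'PRIVATE KEY-----' "$file"; then
        return 2
    fi

    # Accept either a bare digest or a "digest  filename" checksum line.
    expected=$(printf '%s' "$expected" | awk '{print tolower($1)}')
    actual=$(sha256_of "$file") || return 3
    [ "$actual" = "$expected" ] || return 1
    return 0
}
```

Run it between the download and the installer step, and continue only if it returns 0.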

For some background, on March 10, 2014, composerista member Seldaek (Jordi Boggiano) said this, “The core issue is just that yesterday I merged his PR to do properly verified SSL (as opposed to stock PHP SSL which really only checks SSL is in use but doesn’t check the certificate matches anything).”
