Handling "Unhandled link error" on SSL cert problem

Open on Drupal.org →

Created on 18 November 2023, about 1 year ago

Updated 16 January 2024, 11 months ago

Problem/Motivation

https://curl.se/libcurl/c/libcurl-errors.html#CURLEPEERFAILEDVERIFICATION

Unhandled link error https://agewell-nce.ca/about-us has been found: : cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://agewell-nce.ca/about-us.
Unhandled link error https://agewell-nce.ca/archives/8923 has been found: : cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://agewell-nce.ca/archives/8923.
Unhandled link error https://cmd-f.nwplus.io has been found: : cURL error 3:
Unhandled link error https://modularity.info/ has been found: : cURL error 60: SSL: no alternative certificate subject name matches target host name 'modularity.info' (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://modularity.info/.
Unhandled link error https://modularity.info/conference/2015/ has been found: : cURL error 60: SSL: no alternative certificate subject name matches target host name 'modularity.info' (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://modularity.info/conference/2015/.
Unhandled link error https://quickbooks.intuit.com/ has been found.
Unhandled link error https://www.cdgdc.edu.cn/xwyyjsjyxx/aboutus/intro/277270.shtml has been found.
Unhandled link error https://www.chairs-chaires.gc.ca/ has been found: : cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://www.chairs-chaires.gc.ca/.
Unhandled link error https://www.cs.bham.ac.uk/internal/modules/2012/06-23636/ has been found: : cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://www.cs.bham.ac.uk/internal/modules/2012/06-23636/.
Unhandled link error https://www.cs.bham.ac.uk/internal/modules/2012/06-23899/ has been found: : cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://www.cs.bham.ac.uk/internal/modules/2012/06-23899/.
Unhandled link error https://www.cs.bham.ac.uk/internal/modules/2016/06-02578/ has been found: : cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://www.cs.bham.ac.uk/internal/modules/2016/06-02578/.
Unhandled link error https://www.cs.bham.ac.uk/internal/modules/2016/06-20008/ has been found: : cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://www.cs.bham.ac.uk/internal/modules/2016/06-20008/.
Unhandled link error https://www.eluta.ca/ has been found.
Unhandled link error https://www.techinterview.org/ has been found: : cURL error 60: SSL certificate problem: certificate has expired (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://www.techinterview.org/.

Steps to reproduce

Proposed resolution

Find a way to conditionally or otherwise skip reporting the cert errors or ignore them.

Guzzle equivalent to

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

Remaining tasks

User interface changes

API changes

Data model changes

📌 Task

Status

Needs review

Version

2.0

Component

Code

Created by

🇨🇦Canada joelpittet Vancouver

Live updates comments and jobs are added and updated live.

Sign in to follow issues

Merge Requests

!55Handling "Unhandled link error" on SSL cert problem
Open
🇨🇦Canada joelpittet
updated about 1 year ago

Comments & Activities

Issue created by @joelpittet
Comment about 1 year ago →
🇳🇴Norway eiriksm Norway
I think we already have an alter hook or event for changing the headers of the request. Maybe we can add one for guzzle options as well at least, as a first step?
Comment about 1 year ago →
🇨🇦Canada joelpittet Vancouver
@eiriksm thanks for the reply.

Here's the docs
https://docs.guzzlephp.org/en/stable/request-options.html?highlight=veri...

I'm torn on this turning "verify": FALSE option as it says "don't" in the docs, but we can't control other people's poor SSL practices...

Here's an MR that tries to get the ball rolling and something we can test to see if it solves part of the problem.
Comment about 1 year ago →
🇨🇦Canada joelpittet Vancouver
Should anybody need to care about their out bound links SSL certs?
Merge request !55Disable verify SSL → (Open) created by joelpittet
Open in Jenkins → Open on Drupal.org →
Core: 9.5.x + Environment: PHP 8.1 & MySQL 8
last update about 1 year ago
86 pass
Status changed to Needs review about 1 year ago5:56pm 20 November 2023
Comment about 1 year ago →
🇨🇦Canada joelpittet Vancouver
Open in Jenkins → Open on Drupal.org →
Core: 9.5.x + Environment: PHP 8.1 & MySQL 8
last update 11 months ago
86 pass
Comment 11 months ago →
🇨🇭Switzerland idflood
Here is a patch file with the change from the merge request.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024