Ticket #264 (closed defect: invalid)

Opened 6 months ago

Last modified 5 months ago

Some openids work, other do not

Reported by: http://clickpass.com/public/joncianciullo Assigned to:
Priority: critical Milestone:
Keywords: Cc:
Project: php-openid OpenID Protocol: OpenID 2.x
Series: 2.x.x Web Browser:

Description

This is really strange, on the online example, all my openids work. However, on my server some do, some don't.

The problem seems to be /Auth/OpenID/Consumer.php line 338 $endpoint is getting set as null ...

Is there an additional server tweak that is needed?

Change History

06/19/08 13:52:30 changed by http://clickpass.com/public/joncianciullo

  • priority changed from major to critical.
  • project set to php-openid.
  • protocol set to OpenID 2.x.
  • series set to 2.x.x.
  • milestone set to Lib release 6/5.

I've tested on another independent server, running the stock consumer example and still some openids simply do not work.

06/19/08 15:12:54 changed by http://j3h.us/

  • milestone deleted.

Can you give some more details about your platform? It'd also be very helpful if you could list some OpenIDs that do work and some that do not.

There is a script included with the PHP library in the examples directory (discover.php) that will just perform discovery and print out the result. If you could try this script, it may be helpful.

Thanks for the report.

06/19/08 18:34:45 changed by http://clickpass.com/public/joncianciullo

I've tested several openids and they work on many other sites, and they also work in the test script on the homepage for OpenID Enabled. So the openids are valid.

I've simply downloaded the files and uploaded them to 2 independent servers. Both servers that I've tested on are Linux, one with php 4.4.7 and the other php 5.2.6.

Server 1: phpinfo() OpenId Example

Server 2: phpinfo() OpenId Example

This openid works: http://jon.cianciullo.myopenid.com/

These openids don't work: https://openid.claimid.com/joncianciullo http://jon.is.engagd.com

I haven't edited the openid script, and the cache path I set is also correct.

I'm wondering if its perhaps that the openid servers are SSL (https) ... ?

06/19/08 19:50:05 changed by http://clickpass.com/public/joncianciullo

I tried discovery.php and for the openid that is working I got all the information. For the openids that are not I got this output:

Discovery Results for http://clickpass.com/public/joncianciullo[[BR]]

Claimed Identifier http://clickpass.com/public/joncianciullo[[BR]]

No OpenID services discovered.

06/19/08 19:59:26 changed by http://clickpass.com/public/joncianciullo

Here is server #1 detect.php

06/21/08 12:30:23 changed by http://clickpass.com/public/joncianciullo

It turns out this issue is in fact related to the curl install on the server.

... I got the following error from curl in the get() method of Auth/Yadis/ParanoidHttpFetcher.php:

SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Possible solution:
The curl installation is using an old CA list that doesn't have a current key for the authority. This may be fixed by updating the CA bundle as per the instructions at http://curl.haxx.se/docs/sslcerts.html and http://curl.haxx.se/docs/caextract.html

06/25/08 14:26:25 changed by http://keturn.myopenid.com/

  • status changed from new to closed.
  • resolution set to invalid.