Drupal doesn't like SSL (HTTPS) feeds

[pkosenko]

Just a heads up for people who user Drupal. Every time I try to import Librivox feeds in Drupal, I get an error that cURL was unable to read the SSL certificate. It seems that Drupal feeds do not do that, and hence fail trying to import ANYTHING from SSL (HTTPS). I am wondering if many of the problems you are having with feeds isn't related to this. Things might be easier if you could reinstitute feeds as simple HTTP?

HRCurlException: cURL error (60) SSL certificate problem: unable to get local issuer certificate for https://librivox.org/api/feed/audiobooks/?id=52&format=json in http_request_get() (line 187 of C:\. . \sites\all\modules\feeds\libraries\http_request.inc).

[RuthieG]

I know absolutely nothing about Drupal or cURL, but I do remember that cURL has come up before. Does this post help at all?

Ruth

[pkosenko]

I know absolutely nothing about Drupal or cURL, but I do remember that cURL has come up before. Does this post help at all?

Ruth

I am no expert either. But the issue is indeed the one in the post you refer to. I would have to figure out HOW to implement "referring to the certificate in another location" -- whatever is implied by that. It sounds like you have to download the cert and include it in your own application? But it would also require fixing the Drupal Feeds module with a patch that enabled finding it in that other location.

I see that in the Drupal implementation of Feeds seems to always use the default FALSE for $accept_invalid_cert, which leaves it trying to validate the certification and then failing when it can't. If you set it to TRUE, it would ignore the effort to validate, but none of the functions that call http_request_get presently allow for passing in that TRUE setting (maybe for security reasons?). And I don't know HOW to "supply" that "alternate" certificate.

$download = http_request_get($url, NULL, NULL, $accept_invalid_cert);

[pkosenko]

Well, I have an interim solution, which is to hack the Drupal Feeds module code to change (hardcode) $accept_invalid_cert to TRUE (for all cases). That still gives the error message but it allows the items to be imported. The issue them becomes whether or not the Feeds module maintainers are willing to update the module to include such an option (and/or the other option of an alternate cert file). I will have to try to suggest that, I suppose, and maybe try to contribute some code for it. The problem with hacking drupal code is that whenever a module update appears and you install it, you wipe out your own hacked code (but in this case not difficult to redo). The other option is to see whether the functions can't be overridden with some sort of Drupal Alter function.

And here is a Drupal post related to the issue that any Drupal users might want to look at:

https://drupal.org/node/1062178

But for the time being, the RSS feed import works:

******************

cURL error (60) SSL certificate problem: unable to get local issuer certificate for https://librivox.org/rss/latest_releases

Status

•Last import: 2 sec ago.
•10 imported items total. <-- NOTE (now imports anyway)

URL *

Enter a feed URL.

https://librivox.org/rss/latest_releases

[pkosenko]

I realize I am talking to Drupal programmers here, but there are lots of them, and some might want to implement Librivox feeds.

The following gets rid of the error message and requires a fix in only one place right before cURL is invoked:

In "http_request.inc":

// if ($accept_invalid_cert) { // This is always FALSE in Feeds module
curl_setopt($download, CURLOPT_SSL_VERIFYPEER, 0); // Now always TRUE
// }

But again, it is only an interim solution until some fixes to the Feeds module are made.

By the way, WHAT IS the path to the librivox certificate? That could also be reset rather than CURLOPT_SSL_VERIFYPEER, although you really don't want to do it as a general hardcoded option.

If the option of setting an alternative CAPATH can be added to the Drupal Feeds module UI, and $accept_invalid_cert made a REAL configuration option in the UI, the problem of loading Librivox feeds in Drupal wouldn't require the above hack.

[annise]

By the way, WHAT IS the path to the librivox certificate? That could also be reset rather than CURLOPT_SSL_VERIFYPEER, although you really don't want to do it as a general hardcoded option.

As I said via email - there is probably no one here reading this that knows the answer at present - so it isn't that we don't care , it is just that none of us have access to do anything about it - but at least if it is here we have something to refer people to.

Anne