1<?php
2namespace GuzzleHttp\Ring\Client;
3
4/**
5 * Client specific utility functions.
6 */
7class ClientUtils
8{
9    /**
10     * Returns the default cacert bundle for the current system.
11     *
12     * First, the openssl.cafile and curl.cainfo php.ini settings are checked.
13     * If those settings are not configured, then the common locations for
14     * bundles found on Red Hat, CentOS, Fedora, Ubuntu, Debian, FreeBSD, OS X
15     * and Windows are checked. If any of these file locations are found on
16     * disk, they will be utilized.
17     *
18     * Note: the result of this function is cached for subsequent calls.
19     *
20     * @return string
21     * @throws \RuntimeException if no bundle can be found.
22     */
23    public static function getDefaultCaBundle()
24    {
25        static $cached = null;
26        static $cafiles = [
27            // Red Hat, CentOS, Fedora (provided by the ca-certificates package)
28            '/etc/pki/tls/certs/ca-bundle.crt',
29            // Ubuntu, Debian (provided by the ca-certificates package)
30            '/etc/ssl/certs/ca-certificates.crt',
31            // FreeBSD (provided by the ca_root_nss package)
32            '/usr/local/share/certs/ca-root-nss.crt',
33            // OS X provided by homebrew (using the default path)
34            '/usr/local/etc/openssl/cert.pem',
35            // Windows?
36            'C:\\windows\\system32\\curl-ca-bundle.crt',
37            'C:\\windows\\curl-ca-bundle.crt',
38        ];
39
40        if ($cached) {
41            return $cached;
42        }
43
44        if ($ca = ini_get('openssl.cafile')) {
45            return $cached = $ca;
46        }
47
48        if ($ca = ini_get('curl.cainfo')) {
49            return $cached = $ca;
50        }
51
52        foreach ($cafiles as $filename) {
53            if (file_exists($filename)) {
54                return $cached = $filename;
55            }
56        }
57
58        throw new \RuntimeException(self::CA_ERR);
59    }
60
61    const CA_ERR = "
62No system CA bundle could be found in any of the the common system locations.
63PHP versions earlier than 5.6 are not properly configured to use the system's
64CA bundle by default. In order to verify peer certificates, you will need to
65supply the path on disk to a certificate bundle to the 'verify' request
66option: http://docs.guzzlephp.org/en/5.3/clients.html#verify. If you do not
67need a specific certificate bundle, then Mozilla provides a commonly used CA
68bundle which can be downloaded here (provided by the maintainer of cURL):
69https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt. Once
70you have a CA bundle available on disk, you can set the 'openssl.cafile' PHP
71ini setting to point to the path to the file, allowing you to omit the 'verify'
72request option. See http://curl.haxx.se/docs/sslcerts.html for more
73information.";
74}
75