Google-api-php-client: Unsupported SSL context options are set. The following options are present, but have been ignored: cafile

Having the same issue:

[message:protected] => HTTP Error: Unable to connect: 'fopen(https://www.googleapis.com/bigquery/v2/projects/%PROJECT-ID%/jobs): failed to open stream: Unsupported SSL context options are set. The following options are present, but have been ignored: cafile
Fetch error'
[string:Exception:private] =>
[code:protected] => 2
[file:protected] =>....................vendor/google/apiclient/src/Google/IO/Stream.php
[line:protected] => 141

_Edit:_
Forgot to mention it is intermittent!

I am not using any SSL certificates so I commented this line out of IO/Stream.php
$requestSslContext["cafile"] = dirname(__FILE__) . '/cacerts.pem';
That solved my issue for now until this problem is fixed.

Also getting this issue.

Also getting this issue.
I don't think I made any changes that could lead to it.

I'm getting this error every other week, and for one day only. Something is wrong with the SSL and the API. I just can't find what it is.
The good part: it doesn't affect functionality. Being honest, it is just garbage in the log.

Garbage in the log is bad. I'm running this on app engine and now I can't tell which errors really need attention because they all show the same error label. Not so bad in a low traffic system, but when you're getting millions of requests every day, it gets a bit laborious finding where the errors are.

The error is back...I'm gettin tons of this errors in the log, yet the application is working.

I just don't know what it is or what part of the code is triggering the error.

Any suggestions? anybody?

I've been studing this thing and I'm thinking - please correct me if I'm wrong - that this could be a certificate error: cacerts.pem.

Looking into Stream.php (the only place in the code where the 'cafile' is present), I can see that the code is loading a public certificate list. And I took the liberty to check every certificate... all of them valid.

So, again, if anyone has a clue of what might be going on, that will be most appreciated.

Hi @nebadom,
file_get_contents in GAE environment uses proxy service called URL Fetch to make requests and exception comes from there.

• When connecting to web sites using HTTPS, the default behavior is to validate the certificate of the host and reject requests where the vertificate does not match. This is the opposite to the default behavior of PHP, and to change this behavior you can set the value of verify_peer to false in the ssl section of the context parameters.
• All other values of ssl contexts options are ignored.
  (From documentation )

So, for URL Fetch only possible parameter in ssl context is verify_peer, any other parameter ignored and writes warning with unnecessary high log level every time the request is made.

To fix this, you could comment cafile key from ssl contenxt in IO/Stream.php file like suggested by @karensg. It can be safely removed because it does nothing in GAE PHP runtime.

I commented the line 91 as proposed and it worked like a charm.

Thanks!

Im just testing the last tagged version (1.1.5) and the "Unsupported SSL context options are set. The following options are present, but have been ignored: cafile" is still present.

It's possibly because you are still setting "curl.cafile" in your php.ini.

I'm using google cloud. I have no php.ini but app.yaml. And no, I have no such "curl.cafile" anywhere in my code.

What I'm doing is the same as before: commented the line 91 from Stream.php (even with the last 1.1.5 version) and I got rid of the log errors related to cafile. Is not what we might call a "clean solution", but it works.

@bshaffer AppEngine has no 'cafile' option... This is the reason of pull request #631 .

@nebadom the pull request #631 was not merged yet!

I'm getting the same error, but with "allow_self_signed" as well as "cafile" being ignored.

@nebadom @karensg where exactly is the Stream.php file you are editing please? Couldn't find it in the app engine folder on my Windows 7 box...

Thanks

@ajck the file is inside the Google Api Php client folder:

google-api-php-clientsrcGoogleIOStream.php

Also getting this error when calling Google API permission->delete

Unsupported SSL context options are set. The following options are present, but have been ignored: allow_self_signed, cafile

I am using version google/apiclient:^2.0.0@RC and they refactored it a bit and there is no Stream.php anymore.

@mxmz- The new version uses Guzzle behind the scenes which as I've seen adds the two options.

Still looking for a way to disable that!

The issue is currently not resolved. Getting Unsupported SSL context options are set. The following options are present, but have been ignored: allow_self_signed, cafile when running on App Engine.

Yes... Guzzle forces those options. And I don't think there is a way of turning them off.

For now after `composer install ' I comment the code from within the Guzzle lib.
Yes it's not perfect but it gives me clear/clean logs.

I just upgraded to the new v2 version of the library and i'm getting this error again, however the IO/Stream.php file does not seem to exist. Am I missing something?

The v2 is now using Guzzle.
Just make a full search of "cafile" to find where you'll to comment.

Yes, I ended up finding it in there. Thanks.

Is this still an issue?

Hi,

Guys, are talking about development or production environment?

I really used this to communicate with GCM on production which I feel it is still inside Google Main Land, and now I need to connect to open web "Outside Google", which is a bad idea to use this technique as I think.
Because, I feel any warnings about SSL is told me it is insecure practice.
I don't know, maybe GCM Servers are outside too, Ha ha ha.

I just put cacert.pem to the app root directory and still no luck.

Is there any clear solution for a hosted project on GAE which make our project safe to connect with any foreign sever on the web?

Thanks