Due to a change of the SSL certificate for all *.typo3.org domains, some composer clients are not able to connect to composer.typo3.org anymore due to a outdated CA bundle.
When calling composer commands an error is thrown about certificate verification failure. e.g.
$ composer update
Loading composer repositories with package informationThe "https://composer.typo3.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Or when installing a TER extension:
$ composer install
- Installing typo3-ter/static-info-tables (6.5.1): Downloading (failed)
The "https://extensions.typo3.org/extension/download/static_info_tables/6.5.1/t3x/" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed
To fix this issue, make sure your composer is using a current CA bundle which will include our CA ("DigiCert Global Root G2")
Mac OS X:
Look for the location of your cafile by:
php -r 'var_dump(openssl_get_cert_locations());'
Then set composer to use this (with the example in my case):
composer config --global cafile '<location of cafile>'
composer config --global cafile '/usr/local/etc/openssl/cert.pem'
apt-get install --only-upgrade ca-certificates
RedHat / CentOS:
yum update ca-certificates
We will update the solutions as soon as possible for the other OS.
Due to a possible information leak in our CI setup, we re-issued our *.typo3.org once again (same IM/CA certificate)