Problem/Motivation
At some point the Guzzle library was updated, forcing Windows users to manually configure the curl.cainfo setting in order to be able to install Drupal in languages other than English.
As far as I can tell from their GitHub repos, Guzzle used to provide a cacert.pem, but they don't seem to do that anymore. Now, on Windows libcurl (which is used to drive the curl extension for PHP) can't access Windows's certificate store. It needs this information however to check if the SSL certificates provided on https:// URL's are valid. cacert.pem basically contains a dump of the most well-known certificate authorities, these are the companies giving out commercial SSL certificates.
This is the error thrown to the user when trying to install:
The Spanish translation is not available.
The Spanish translation file is not available at the translation server. Choose a different language or select English and translate your website later.
The message is confusing because the real underlying issue is that CURL failed to negotiate SSL when trying to access the translation files.
Proposed resolution
Option A:
If running on a Windows platform Drupal whould verify that curl.cainfo is properly configured and if not, prompt the user to do so. Other parts of core - such as updates from remote server - are probably also affected by this issue.
Option B:
Provide a cacert.pem file and configure it on the fly if curl.cainfo is not setup.
Remaining tasks
--
User interface changes
--
API changes
(API changes/additions that would affect module, install profile, and theme developers, including examples of before/after code if appropriate.)
Data model changes
None
Original report
Current D8 head cannot be installed on languages other than English on Windows Systems.
The exact failure happens in:
function install_check_localization_server($uri) {
try {
\Drupal::httpClient()->head($uri);
return TRUE;
}
catch (RequestException $e) {
return FALSE;
}
}
Where trying to get the translation files is throwing this exception:
cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
What is more puzzling is that the URI that it's trying to load is:
http://ftp.drupal.org/files/translations/8.x/drupal/drupal-8.0.0-dev.es.po
After some research I came accross this:
https://laracasts.com/discuss/channels/general-discussion/curl-error-60-...
Comment | File | Size | Author |
---|---|---|---|
#8 | 2605266-curlcainfo-required-on-windows.patch | 1.21 KB | david_garcia |
Comments
Comment #2
david_garcia CreditAttribution: david_garcia commentedThis solution works:
https://laracasts.com/discuss/channels/general-discussion/curl-error-60-...
Comment #3
cilefen CreditAttribution: cilefen commentedWhat is the version of PHP in this case?
Comment #4
david_garcia CreditAttribution: david_garcia commentedThat was 5.6.15, but I don't believe it's related.
Guzzle used to come with a cacert.pem file, but it does no more.
So there might be two things to do here:
1. Given that on windows you now need to manually setup curl.cacert to download translations, this might be somethign to check during install (and tell the user about). Also maybe in the status page.
2. This still does not explain why it is trying to deal with the SSL certificates when the remote URL is not secure (http://ftp.drupal.org/files/translations/8.x/drupal/drupal-8.0.0-dev.es.po)
Comment #5
cilefen CreditAttribution: cilefen commentedThe reason is that http://ftp.drupal.org/files/translations/8.x/drupal/drupal-8.0.0-dev.es.po redirects to https://ftp.drupal.org/files/translations/8.x/drupal/drupal-8.0.0-dev.es.po.
Comment #6
david_garcia CreditAttribution: david_garcia commentedComment #7
cilefen CreditAttribution: cilefen commentedExpanding on #5, and simply for clarity, telnet shows more clearly that it is a redirect to https.
Comment #8
david_garcia CreditAttribution: david_garcia commentedRather than implementing a workaround giving a proper message about what is going on will do the job.
Comment #9
cilefen CreditAttribution: cilefen commentedCould this happen on a non-Windows OS?
Comment #10
cilefen CreditAttribution: cilefen commentedA semi-related issue #2595927: Update guzzle to fix 100% CPU usage with curl_multi_exec() in GuzzleHttp\Handler\CurlMultiHandler->tick() during install.
Comment #11
david_garcia CreditAttribution: david_garcia commentedI don't really know about the inners of the CURL issue, but according to what I've read this will only happen on Windows because on *nix systems CURL is able to retrieve the certificates at the OS level.
Comment #12
cilefen CreditAttribution: cilefen commentedComment #13
anniekvandijk CreditAttribution: anniekvandijk commentedSame problem here. Windows 10 MAMP 3.2.0 and Drupal 8.0.2. Only English during installation works.
I think it also affects looking for available updates. When I check for updates I get the error: Failed to get available update data.
Logging:
GuzzleHttp\Exception\RequestException: cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html) in GuzzleHttp\Handler\CurlFactory::createRejection() (line 187 of ..... \vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php).
After following this post and http://www.ambidev.com/category/drupal-8/ Got the problem solved.
Comment #14
liam.dupin CreditAttribution: liam.dupin commentedAn issue with not working updates for Drupal 8.0.2 (xampp, win7) solved #13 perfectly (i.e. download cacert.pem, write the path into php.ini and restart server)!
Comment #15
cilefen CreditAttribution: cilefen commentedFollow the instructions here: https://www.drupal.org/node/2481341 This is not something to be fixed by Drupal.
Comment #16
cilefen CreditAttribution: cilefen commentedIf there is consensus to reopen this based on #8, this issue will need a title change.