Simple Facebook Connect
[resolved] SSL Cert error when invoking sfc_remote from localhost (5 posts)

  1. kevinteo
    Posted 3 years ago #

    Hi Samuel (and others),

    I'm using SFCv1.4 and testing my code locally on WAMPServer (windows 7 laptop)

    I'm making an SFC Login call which triggers sfc_login_check in sfc-login.php. After authenticating with FB, I'm looking to get the email address associated with the FB account, to then check if the user has already registered on my WP site.

    Here's what I'm seeing while stepping through the code in debug mode:

    1. sfc_login_check invokes sfc_remote

    2. after triggering the line with wp_remote_get ("https://graph.facebook.com/oauth/access_token?client_id={$options['appid']}&redirect_uri=&client_secret={$options['app_secret']}&code={$args['code']}");

    I get this error in the debugger:
    SSL certificate problem, verify that the CA cert is OK. Details:
    error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

    When I issue that same request through a browser, I get an access token in the response. However, feeding this access token directly into the next wp_remote_get ($url, $args) invocation gives me an OAuth error.

    Any ideas on what I can do to work around this? Thanks in advance.



  2. Samuel Wood (Otto)
    WordPress.org Tech Dude
    Plugin Author

    Posted 3 years ago #

    When you remote_get to an SSL URL, then it will perform a certificate check (this is Curl doing that). If you have not upgraded the certificate lists on your PHP install, this will cause that error.

    You can either update the certification authority lists in your PHP install, or you can add the sslverify=>false flag to the arguments list for remote_get to make it ignore the certification verification.

  3. kevinteo
    Posted 3 years ago #

    Thanks for the quick response Samuel.

    The sslverify=>false setting works well, and I made it pass the first wp_remote_get call. After the call, $resp["body'] comes back with:


    which appears to contain more than just the access_token. I found I had to strip out "expires=3940" before the code goes into the second wp_remote_get that pulls down $data.

    I've only just started on FB's APIs so let me know if I'm doing something wrong! Thanks again.


  4. Samuel Wood (Otto)
    WordPress.org Tech Dude
    Plugin Author

    Posted 3 years ago #

    That is a query string format. Easiest way to deal with it is to pass it through wp_parse_args(). This will convert it to an array with the access_token and the expires parameter as separate entries in the array.

    Also, access tokens are like passwords. Don't post 'em publicly. I removed the one you posted above. :)

  5. kevinteo
    Posted 3 years ago #

    Thanks again Samuel!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic