[#9367] - Captcha - ReCaptcha [error on check answer].
- Closed
- 10 Mar 2016
- Urgent
- Build: master
- # 9367
Steps to reproduce the issue
1: Enable and configure the plugin "Captcha - ReCaptcha".
2: Enable user registration and specify you whant to use "Captcha - ReCaptcha".
3: Try to create a new account.
Expected result
A page with the Message:
Your account has been created and an activation link has been sent to the email address you entered.
Note that you must activate the account by selecting the activation link when you get the email before you can login.
Actual result
An error page with this message:
0 SSL certificate problem: unable to get local issuer certificate
Call stack
1 JApplicationCms->execute() C:\xampp\htdocs\my_project_home\index.php:49
2 JApplicationSite->doExecute() C:\xampp\htdocs\my_project_home\libraries\cms\application\cms.php:257
3 JApplicationSite->dispatch() C:\xampp\htdocs\my_project_home\libraries\cms\application\site.php:230
4 JComponentHelper::renderComponent() C:\xampp\htdocs\my_project_home\libraries\cms\application\site.php:191
5 JComponentHelper::executeComponent() C:\xampp\htdocs\my_project_home\libraries\cms\component\helper.php:380
6 require_once() C:\xampp\htdocs\my_project_home\libraries\cms\component\helper.php:405
7 JControllerLegacy->execute() C:\xampp\htdocs\my_project_home\components\com_users\users.php:15
8 UsersControllerRegistration->register() C:\xampp\htdocs\my_project_home\libraries\legacy\controller\legacy.php:728
9 JModelForm->validate() C:\xampp\htdocs\my_project_home\components\com_users\controllers\registration.php:137
10 JForm->validate() C:\xampp\htdocs\my_project_home\libraries\legacy\model\form.php:306
11 JForm->validateField() C:\xampp\htdocs\my_project_home\libraries\joomla\form\form.php:1187
12 JFormRuleCaptcha->test() C:\xampp\htdocs\my_project_home\libraries\joomla\form\form.php:1968
13 JCaptcha->checkAnswer() C:\xampp\htdocs\my_project_home\libraries\cms\form\rule\captcha.php:52
14 JEvent->update() C:\xampp\htdocs\my_project_home\libraries\cms\captcha\captcha.php:199
15 call_user_func_array() C:\xampp\htdocs\my_project_home\libraries\joomla\event\event.php:69
16 PlgCaptchaRecaptcha->onCheckAnswer()
17 PlgCaptchaRecaptcha->getResponse() C:\xampp\htdocs\my_project_home\plugins\captcha\recaptcha\recaptcha.php:152
18 JReCaptcha->verifyResponse() C:\xampp\htdocs\my_project_home\plugins\captcha\recaptcha\recaptcha.php:198
19 JReCaptcha->_submitHTTPGet() C:\xampp\htdocs\my_project_home\plugins\captcha\recaptcha\recaptchalib.php:131
20 JHttp->get() C:\xampp\htdocs\my_project_home\plugins\captcha\recaptcha\recaptchalib.php:97
21 JHttpTransportCurl->request() C:\xampp\htdocs\my_project_home\libraries\joomla\http\http.php:175
System information (as much as possible)
PHP Built On: Windows NT PLUTONE 6.2 build 9200 (Windows 8 Home Premium Edition) i586
Database Version: 5.6.21
Database Collation: latin1_swedish_ci
Database Connection Collation: utf8mb4_general_ci
PHP Version: 5.6.3
Web Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.6.3
WebServer to PHP Interface: apache2handler
Joomla! Version: Joomla! 3.5.0-rc Release Candidate [ Ember ] 10-March-2016 00:30 GMT
Joomla! Platform Version: Joomla Platform 13.1.0 Stable [ Curiosity ] 24-Apr-2013 00:00 GMT
User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36
Additional comments
A similar configuration (different plugins keys because the domain is different) on Joomla! 3.4.8 works.
@andrepereiradasilva dont think that can be the case as @maxvalentini77 stated it works on the same server with 3.4.8 BUT there are different plugins
if you see the last line of the callback posted by @maxvalentini77 you can see it stops at https://github.com/joomla/joomla-cms/blob/staging/libraries/joomla/http/http.php#L175 which in turn calls the JHttpTransportCurl request method https://github.com/joomla/joomla-cms/blob/staging/libraries/joomla/http/transport/curl.php#L61.
That is returning an error:
0 SSL certificate problem: unable to get local issuer certificate
I think that normally this is a cURL error that signifies that curl cannot check the certificate chain of trust.
But @maxvalentini77 you can do a simple test (just to check if this is the issue - verify peer should NOT be disabled), what happens if you put ...
$options[CURLOPT_SSL_VERIFYPEER] = false;in this line https://github.com/joomla/joomla-cms/blob/staging/libraries/joomla/http/transport/curl.php#L174
I have make the test again.
Same computer, same php, same db, same apache, just 2 different virtual host.
(is my development computer)
The difference in the plugin configuration are only the public key and the secret key.
On Joomla! 3.4.8 works, on Joomla! 3.5.0 RC I got the error.
@andrepereiradasilva
I try adding the line as you suggest and works.
In some ways default parameter for curl has changed from 3.4.8 to 3.5.0 RC.
I think other peaple like me will get the error.
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/9367.
If the required root certificates aren't in the cacert.pem, it could. Simple tests then are to use cacert.pem shipped with 3.4.8 on current staging and current staging's cacert.pem on 3.4.8.
@mbabker @andrepereiradasilva
I swapped the files "/libraries/joomla/http/transport/cacert.pem" and now i have the error on Jommla! 3.4.8 and not on Joomla! 3.5.0 RC.
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/9367.
thanks @mbabker for the enlightenment and thanks @maxvalentini77 for the tests
so .. that's the problem.
But this URI (https://www.google.com/recaptcha/api/siteverify) is the www.google.com domain ...
From https://www.ssllabs.com/ssltest/analyze.html?d=www.google.com&s=172.217.2.36&hideResults=on i think it uses the "GeoTrust Global CA" that is in both cacert.pem ...
Should be verified right?
But i also see this is signed by "Equifax Secure Certificate Authority".
Don't know why but i think the problem is with this CA. (It was removed 3 days ago 095a0af)
- 3.5.0 RC: doesn't exist
- 3.4.8: https://github.com/joomla/joomla-cms/blob/3.4.x/libraries/joomla/http/transport/cacert.pem#L21
@maxvalentini77
can you test just adding this CA certificate (https://github.com/joomla/joomla-cms/blob/3.4.x/libraries/joomla/http/transport/cacert.pem#L21-L40) in 3.5.0 RC cacert.pem to see if this is the problem?
UPDATE: please notice that Mozilla still hasn't removed the Equifax 1024 bit root because of problems with removing that CA root before. See http://mxr.mozilla.org/mozilla-release/source/security/nss/lib/ckfw/builtins/certdata.txt (search for equifax). You can also check that this root is in the latest Firefox version.
Don't know why curl removed it tough.
@andrepereiradasilva
I add the Equifax Secure CA certificate in the cacert.pem file of the 3.5.0 RC and works.
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2016-03-10 23:34:20 |
| Closed_By | ⇒ | wilsonge |
I've decided to move us to the centos cacert.pem from the mozilla one. It sucks hard - but we are getting screwed over by github's amazon s3 cert as well at the moment and this solves that problem as well
we are getting screwed over by github's amazon s3 cert as well
Where? They refreshed their certificate last October. Unless there's still a validation issue somewhere that nobody's reported, that's a closed 6-month-old item.
The AmazonS3 cert is fine. We don't have any issues anymore and their root CA is in our cacert.pem file. We were covered for that.
Can't reproduce the problem on 3.5.0 RC.
Anyway, the problem seems to be that your server, somehow, can't connect with
cURLvia HTTPS to google recaptcha server.