PHP stream_socket_client not working in chrooted environment

Question

I try to use stream_socket_client() to open a ssh connection, but getting:

Could not open socket: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-06-22T13:07:35+02:00 EMERG (0): #0 [internal function]: Zend\Mail\Protocol\AbstractProtocol->Zend\Mail\Protocol\{closure}(2, 'stream_socket_c...', '/httpdocs/vendo...', 213, Array)
#1 /httpdocs/vendor/zendframework/zend-mail/src/Protocol/AbstractProtocol.php(213): stream_socket_client('ssl://lotsearch...', 0, '', 30)
#2 /httpdocs/vendor/zendframework/zend-mail/src/Protocol/Smtp.php(185): Zend\Mail\Protocol\AbstractProtocol->_connect('ssl://lotsearch...')
#3 /httpdocs/vendor/zendframework/zend-mail/src/Transport/Smtp.php(397): Zend\Mail\Protocol\Smtp->connect()
#4 /httpdocs/vendor/zendframework/zend-mail/src/Transport/Smtp.php(383): Zend\Mail\Transport\Smtp->connect()
#5 /httpdocs/vendor/zendframework/zend-mail/src/Transport/Smtp.php(394): Zend\Mail\Transport\Smtp->lazyLoadConnection()
#6 /httpdocs/vendor/zendframework/zend-mail/src/Transport/Smtp.php(251): Zend\Mail\Transport\Smtp->connect()

I am executing this command in an chrooted environment. If I use "normal" bash as shell, everything works fine. At first I thought that the chrooted-user needs access to openssh binary. But even with access to it, it does not work.

wget https://google.com does not work also by the way.

Any thoughts how to get the ssl certificate verifying working in a chrooted environment?

Answer 1

Ok I figured it out:

You need to make the following available in the chrooted environment:

/usr/bin/openssl
/usr/lib/ssl
/etc/ssl
/usr/share/ca-certificates

Then PHP's stream_socket_client() function is able to SSL verify certificates. Wget is now also working for SSL-secured websites wget https://google.com.