nixos/apache-httpd: SSL requests fail in PHP because of missing certificates

[cschomburg]

When using simple PHP in Apache, all SSL functions fail at certificate verification (e.g. file_get_contents("https://google.com") or stream_socket_client()). Looks like Apache does not find the system root certificates.

OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

{
  services.httpd = {
    enable = true;
    enablePHP = true;
  };
}

Adding { systemd.services.httpd.environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"; } fixes this. Looks like it's related to #8247.

[cleverca22]

the same problem exists in services.phpfpm

systemd.services.phpfpm.environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";

and the above doesn't fix it
i was able to fix it by copying php-recommended.ini from the php package and making the following change, then using services.phpfpm.phpIni = ./php-recommended.ini;

[openssl]
openssl.cafile=/etc/ssl/certs/ca-bundle.crt

but now i have to manually keep that version in-sync with php if any security/compat changes happen

[zimbatm]

Is this still an issue ? #12748 should have fixed this. Please let me know if I'm mistaken.