API is downloading outdated ca.pem, putting it in a wrong place and later not referencing it at all

[cmp-nct]

The API downloads a file called ca.pem for SSL authentication by cURL. The idea is to solve SSL issues, in practice it will to the opposite.

Issue 1: It puts that file into the local folder, when calling from CLI you'll have the file all over the place in your system depending on where your path currently is.

Issue 2: PHP.ini references to such a certificate collection. Certainly not in the random place the API puts it! So the file is not used at all. It could be referenced as CURLOPT or in php.ini, but none of that is done

Issue 3: The download is invalid. The correct URL is https://curl.se/ca/cacert.pem The downloading function has disabled "follow location" so it creates a HTML file called ca.pem which says something like "File not there, go to Location: ....

[dmzoneill]

Hi Compunect,

I updated it to be https://curl.se/ca/cacert.pem If you feel like putting in something more substantial. Pull request are welcome

thanks for the issue

[cmp-nct]

Hi, while that fixes the error downloading the cert, the API is not using that cert anywhere. Either the cert needs to be put into the system folder (that should only be done manually by an admin) or it needs to be referenced as curlopt. Except if there is an undocumented feature in curl that looks in "current PWD" ?

I've been looking through the API and we decided not to use it but build an own instead, it sadly did not seem finished enough. So there won't be substantial work I can provide ;/