Hello everybody,

I am using the latest Janrain openid library example and the discovery process seems to work well with Yahoo, myopenid.com and others...

But I am stuck with the Google endpoint (https://www.google.com/accounts/o8/id). Consumer.php just returns a 406 Apache error, before I am redirected to Google's page.

All my installation is available here : http://www.coplango.com/vendor/openid/examples/

  • Click on consumer to try the consumer example, but discovery.php fails the same way, proving it happens during discovery...
  • You can also check detect.php to check my installation - The HTTP fetching test fails with a 503 because it tries to reach an address which returns a 503. Rest is fine.

I supposed it was down to php-yadis specifying the Accept: application/xrds+xml header, but I checked the code and other types are also accepted, such as text/html and application/xhtml+xml...

Has anyone come across this ?

Any clue ?

Thank you very much !!!

+1  A: 

running the consumer example at my machine, i get the following error:

Got no response code when fetching https://www.google.com/accounts/o8/id
CURL error (60): SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

this means curl fails verifying google's https server certificate. you can work around this by either providing curl with CA certificates to verify google's certificate via CURLOPT_CAINFO/CURLOPT_CAPATH, or - easier - stop validating the cert via CURLOPT_SSL_VERIFYPEER. the following change in Auth/Yadis/ParanoidHTTPFetcher.php accomplishes the latter for me:

--- ParanoidHTTPFetcher.php.orig        2009-04-22 02:31:20.000000000 +0800
+++ ParanoidHTTPFetcher.php     2009-09-30 22:35:24.093750000 +0800
@@ -127,6 +127,9 @@
                         Auth_OpenID_USER_AGENT.' '.$curl_user_agent);
             curl_setopt($c, CURLOPT_TIMEOUT, $off);
             curl_setopt($c, CURLOPT_URL, $url);
+
+            // don't verify server cert
+            curl_setopt($c, CURLOPT_SSL_VERIFYPEER, FALSE);

             curl_exec($c);
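
Review bot: the added curl_setopt($c, CURLOPT_SSL_VERIFYPEER, FALSE) just before curl_exec($c) turns off certificate chain validation for every URL this fetcher retrieves, not only the Google endpoint, so https discovery no longer authenticates the server it talks to. The error this patch responds to is a failed CA verification, so I would drop the line, keep verification on, and point curl at a CA bundle with CURLOPT_CAINFO or CURLOPT_CAPATH instead. If the line has to stay for local debugging, it should at least be behind an explicit opt-in rather than unconditional.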

of course, your curl installation must also support ssl - check your phpinfo(). also, if CURLOPT_SSL_VERIFYPEER is disabled, CURLOPT_SSL_VERIFYHOST may also need to be TRUE or FALSE.

see also http://www.openrest.eu/docs/openid-not-completely-enabled-for-google.php (via the Related http://stackoverflow.com/questions/818063/why-doesnt-google-openid-provider-work-with-php-openid-on-my-server).

ax
Thank you very much for the answer and links ! I am still surprised that I get a 406 error and not a blank page as specified in the link. 406 is pretty specific : it's supposed to be down to response headers... Anyway, I will try this asap and let you know !
ccazette
Humm.. Sadly it doesn't fix the problem.. I'll see if I can give more input. Thanks a lot for the answer, which may have fixed another problem though ! In the meantime, if anyone has a clue of what could be going on here, please drop a line !
ccazette
while setting CURLOPT_SSL_VERIFYHOST is a quick and easy workaround, it may prevent curl from detecting a 'man in the middle' attack.
jayarjo
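
The other option named in the answer above, supplying CA certificates via CURLOPT_CAINFO so verification stays on, could look like the following. This is an added example, not code from the answer or from the php-openid library; the function name fetch_verified and the CA bundle path are assumptions to adapt to your system.

```php
<?php
// Added example. CA_BUNDLE is an assumed path: point it at a CA bundle you maintain.
const CA_BUNDLE = '/etc/ssl/certs/ca-certificates.crt';

/**
 * Fetch $url with chain and host name verification enabled (hypothetical helper).
 * Returns an array: ok (bool), status (int), body (string), error (string).
 */
function fetch_verified($url, $caBundle = CA_BUNDLE, $timeout = 20)
{
    $result = array('ok' => false, 'status' => 0, 'body' => '', 'error' => '');

    // Fail early with a clear message instead of a generic curl error.
    if (!is_readable($caBundle)) {
        $result['error'] = "CA bundle not readable: $caBundle";
        return $result;
    }

    $c = curl_init($url);
    curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($c, CURLOPT_TIMEOUT, $timeout);
    curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true); // validate the certificate chain
    curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);    // certificate must match the host name
    curl_setopt($c, CURLOPT_CAINFO, $caBundle);    // trust anchors used for validation

    $body  = curl_exec($c);
    $errno = curl_errno($c);

    if ($errno !== 0) {
        // 60 is the code shown in the error output above: the chain could not
        // be verified against the CA certificates curl was given.
        $hint = ($errno === 60) ? ' (does the bundle contain the issuing CA?)' : '';
        $result['error'] = "CURL error ($errno): " . curl_error($c) . $hint;
        return $result;
    }

    $result['status'] = (int) curl_getinfo($c, CURLINFO_HTTP_CODE);
    $result['body']   = (string) $body;
    $result['ok']     = $result['status'] >= 200 && $result['status'] < 300;
    return $result;
}

// Command-line use: php fetch_verified.php <https-url>
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    $r = fetch_verified($argv[1]);
    echo $r['ok'] ? "HTTP {$r['status']}, verified\n" : "failed: HTTP {$r['status']} {$r['error']}\n";
}
```
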
A: 

Ok,

I have investigated further and it seems to be down to my provider, who returns a 406 error if any string containing the death word "/id" is passed as a GET parameter. Took me days to figure out it was not down to openid !!

For info I am using PlanetHoster, if anyone else ever comes across this. I have sent them a ticket request and am waiting for their answer.

ccazette
This seems to have been disabled for security purposes. See this thread if you ever have the same problem : http://stackoverflow.com/questions/1504744/why-would-id-as-a-http-get-parameter-would-be-a-security-breach
ccazette