Hello everybody,

I am using the latest Janrain openid library example and the discovery process seems to work well with Yahoo, and others...

But I am stuck with the Google endpoint (https semicolon // Consumer.php just returns a 406 Apache error, before I am redirected to Google's page.

All my installation is available here :

  • Click on consumer to try the consumer example, but discovery.php fails the same way, proving it happens during discovery...
  • You can also check detect.php to check my installation - The HTTP fetching test fails with a 503 because it tries to reach an address which returns a 503. Rest is fine.

I supposed it was down to php-yadis specifying the Accept: application/xrds+xml header, but I checked the code and other types are also accepted, such as text/html and application/xhtml+xml...

Anyone came across this ?

Any clue ?

Thank you very much !!!

+1  A: 

running the consumer example at my machine, i get the following error:

Got no response code when fetching
CURL error (60): SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

this means curl fails verifying google's https server certificate. you can work around this by either providing curl with CA certificates to verify google's certificate via CURLOPT_CAINFO/CURLOPT_CAPATH, or - easier - stop validating the cert via CURLOPT_SSL_VERIFYPEER. the following change in Auth/Yadis/ParanoidHTTPFetcher.php accomplishes the latter for me:

--- ParanoidHTTPFetcher.php.orig        2009-04-22 02:31:20.000000000 +0800
+++ ParanoidHTTPFetcher.php     2009-09-30 22:35:24.093750000 +0800
@@ -127,6 +127,9 @@
                         Auth_OpenID_USER_AGENT.' '.$curl_user_agent);
             curl_setopt($c, CURLOPT_TIMEOUT, $off);
             curl_setopt($c, CURLOPT_URL, $url);
+            // don't verify server cert
+            curl_setopt($c, CURLOPT_SSL_VERIFYPEER, FALSE);
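
Review bot: the added curl_setopt($c, CURLOPT_SSL_VERIFYPEER, FALSE); is unconditional, so every URL fetched through this code path stops checking the server certificate, not only the request that failed. Keep verification on and set CURLOPT_CAINFO or CURLOPT_CAPATH to a CA bundle at this spot instead. If it has to be switchable for local testing, gate it behind a setting that defaults to verifying, and have the comment say why the check is off rather than only that it is.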


of course, your curl installation must also support ssl - check your phpinfo(). also, if CURLOPT_SSL_VERIFYPEER is disabled, CURLOPT_SSL_VERIFYHOST may also need to be TRUE or FALSE.

see also (via the Related

Thank you very much for the answer and links ! I am still surprised that I get a 406 error and not a blank page as specified in the link. 406 is pretty specific : it's supposed to be down to response headers... Anyway, I will try this asap and let you know !
Humm.. Sadly it doesn't fix the problem.. I'll see if I can give more input. Thanks a lot for the answer, which may have fixed another problem though ! In the meantime, if anyone has a clue on what could be going on here, please drop a line !
while setting CURLOPT_SSL_VERIFYHOST is a quick and easy workaround it may prevent curl from detecting a 'man in the middle' attack.
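
The other option named in the answer above (keeping verification on and giving curl a CA bundle), as an added example that is not code from the Janrain library or from the answer. It also separates a certificate failure like the quoted error 60 from transport and HTTP-level failures; the function names, the CA bundle path passed in, and the sample values are assumptions.

```php
<?php
// Added example: function names and sample values are hypothetical,
// not part of Auth/Yadis/ParanoidHTTPFetcher.php.

// Build a curl handle that verifies the server certificate against a CA bundle.
function verified_handle($url, $caBundle)
{
    $c = curl_init($url);
    curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($c, CURLOPT_TIMEOUT, 20);
    curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true); // validate the certificate chain
    curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);    // certificate must match the host name
    curl_setopt($c, CURLOPT_CAINFO, $caBundle);    // trust anchors used for validation
    return $c;
}

// Decide which layer produced a failure from curl's errno and the HTTP status.
function classify_result($errno, $status)
{
    // 60: CA verification failed, 51: peer verification failed, 77: CA file unreadable
    if (in_array($errno, array(51, 60, 77), true)) {
        return "tls: certificate verification failed (curl error $errno), check the CA bundle";
    }
    if ($errno !== 0) {
        return "transport: curl error $errno before any HTTP response";
    }
    if ($status >= 400) {
        return "http: server answered $status, so TLS and the fetcher worked";
    }
    return "ok: HTTP $status over a verified connection";
}

// Run one verified fetch and classify the outcome.
function diagnose($url, $caBundle)
{
    $c = verified_handle($url, $caBundle);
    curl_exec($c);
    return classify_result(curl_errno($c), (int) curl_getinfo($c, CURLINFO_HTTP_CODE));
}

// Constructed (errno, status) samples, so this part runs without network access.
foreach (array(array(60, 0), array(28, 0), array(0, 406), array(0, 200)) as $sample) {
    echo classify_result($sample[0], $sample[1]), "\n";
}
```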


I have investigated further and it seems to be down to my provider, who returns a 406 error if any string containing the death word "/id" is passed as GET parameter. Took me days to figure out it was not down to openid !!

For info I am using PlanetHoster, if anyone else ever comes across this. I have sent them a ticket request and am waiting for their answer.

This seems to have been disabled for security purposes. See this thread if you ever have the same problem :