Google OpenID not working with OpenID plugin in WordPress

Question

The OpenID plugin for WordPress doesn\'t seem to accept either of the Google OpenID provider links:

http://google.com/profiles/username

or<

Answer 1

The problem is solved. Since Google, Yahoo and some other OpenID providers provide https endpoints, curl tries to verify the other end when making a POST request to it -- since curl does not come with a pack of CA certificates, it fails on all such endpoints.

The solution is either to tell curl not to verify the provider or give it the correct CA certificate for Google.

Answer 2

I was getting the same error and inspecting apache error logs I got the following

CURL error (60): SSL certificate problem: unable to get local issuer certificate

This was being caused by curl calls from the OpenID plugin.

The following worked for me. Source: https://stackoverflow.com/a/21114601/3826642

1. Use this certificate root certificate bundle: https://curl.haxx.se/ca/cacert.pem

2. Copy this certificate bundle on your disk. And use this on php.ini

   curl.cainfo = "path_to_cert\cacert.pem"

Be sure to restart the server after you make changes.

Answer 3

Please check for missing plugins in php installtion

/etc/php.d/dom.ini, 
/etc/php.d/mysql.ini, 
/etc/php.d/mysqli.ini, 
/etc/php.d/pdo_sqlite.ini, 
/etc/php.d/wddx.ini, 
/etc/php.d/xmlreader.ini, 
/etc/php.d/xmlwriter.ini, 
/etc/php.d/xsl.ini, 

Answer 4

Must be an issue with the CA certificates on your server. Google has a lot of trouble with their certificates.

Also, I have got this working on my system with Apache, may be trouble with your server too. Try finding a pack of CA certificates for your system and installing it.

Answer 5

As @Vanwaril and @tarantinofan pointed out, the correct way to do this is get the proper certs installed on your server.

If however, you choose to take the other route, as @Vanwaril mentioned, and comment out the lines in the openid code base that is responsible for the endpoint verification then do the following:

openid\lib\Auth\Yadis\ParanoidHTTPFetcher.php - insert the following line after line 152

curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);

openid\liv\Auth\OpenID\consumer.php - comment out lines 970 to 979 in the _idResCheckSignature function so that the function returns null rather than an openid error

Again, this is not recommended but you can at least move forward until you can get the proper certs installed on your server.

EDIT: and this link is very helpful for dealing with the certs: https://web.archive.org/web/20090214215411/http://curl.haxx.se/docs/sslcerts.html