PHP Version: 7.2.2

composer require paragonie/certainty:^1

When running a test to check the file path is valid using:

<?php
use ParagonIE\
{
    Certainty\RemoteFetch
};

$fetcher = (new RemoteFetch())->getLatestBundle();

echo $fetcher->getFilePath();

I'm met with:

Uncaught ParagonIE\Certainty\Exception\BundleException: No valid bundles were found in the data directory. in ../vendor/paragonie/certainty/src/Fetch.php:80

Looking to ./data I'm seeing:

ca-certs-backup-20180219145811.json
ca-certs.cache
ca-certs.json
cacert-2016-11-02.pem
cacert-2017-01-16.pem
cacert-2017-06-07.pem
cacert-2017-09-20.pem
cacert-2018-01-17.pem

Thus it looks like we just need an updated cacert-*.pem correct?

My apologies if I'm being stupid here but.....

I was getting this error in my code. So I simplified as much as possible:

<?php
use ParagonIE\Certainty\RemoteFetch;
require '../../vendor/autoload.php';
mkdir("/tmp/aaa");
$fetcher = new RemoteFetch("/tmp/aaa");
var_dump($fetcher->getLatestBundle());

This still yields the same:

Fatal error: Uncaught ParagonIE\Certainty\Exception\FilesystemException: ca-certs.json not found in data directory. in /blah/vendor/paragonie/certainty/src/Fetch.php:116
Stack trace:
#0 /blah/vendor/paragonie/certainty/src/Fetch.php(63): ParagonIE\Certainty\Fetch->listBundles()
#1 /blah/vendor/paragonie/certainty/src/Certainty.php(32): ParagonIE\Certainty\Fetch->getLatestBundle()
#2 /blah/vendor/paragonie/certainty/src/Validator.php(104): ParagonIE\Certainty\Certainty::getGuzzleClient()
#3 /blah/vendor/paragonie/certainty/src/Fetch.php(78): ParagonIE\Certainty\Validator::checkChronicleHash(Object(ParagonIE\Certainty\Bundle))
#4 /blah/local/foobar/TESTTEST.php(10): ParagonIE\Certainty\Fetch->getLatestBundle()
#5 {main}
  thrown in /blah/vendor/paragonie/certainty/src/Fetch.php on line 116

But ....

$ ls -la /tmp/aaa/
total 1456
drwxrwxr-x.  2 foobar   foobar     4096 Apr  9 23:44 .
drwxrwxrwt. 17 root root   8192 Apr  9 23:44 ..
-rw-rw-r--.  1 foobar   foobar   263596 Apr  9 23:44 cacert-2016-11-02.pem
-rw-rw-r--.  1 foobar   foobar   261889 Apr  9 23:44 cacert-2017-01-18.pem
-rw-rw-r--.  1 foobar   foobar   256008 Apr  9 23:44 cacert-2017-06-07.pem
-rw-rw-r--.  1 foobar   foobar   236061 Apr  9 23:44 cacert-2017-09-20.pem
-rw-rw-r--.  1 foobar   foobar   223903 Apr  9 23:44 cacert-2018-01-17.pem
-rw-rw-r--.  1 foobar   foobar   215556 Apr  9 23:44 cacert-2018-03-07.pem
-rw-rw-r--.  1 foobar   foobar       25 Apr  9 23:44 ca-certs.cache
-rw-rw-r--.  1 foobar   foobar     2205 Apr  9 23:44 ca-certs.json

Bearing in mind /tmp/aaa didn't even exist before I executed the PHP !

As per the almighty docs (certainty/docs/README.md), certain permissions are required for certainty to run as intended.

Unfortunately this then interferes with later php composer.phar update runs as outlined below:

[foobar@wwl lib]$ php composer.phar update
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 0 installs, 1 update, 0 removals
  - Updating paragonie/certainty (v1.0.3 => v1.0.4):     Update failed (Could not delete /blah/vendor/paragonie/certainty/data/cacert-2016-11-02.pem: )
    Would you like to try reinstalling the package instead [yes]? yes
  - Removing paragonie/certainty (v1.0.3)

                                                                                                                  
  [RuntimeException]                                                                                              
  Could not delete /blah/vendor/paragonie/certainty/data/cacert-2016-11-02.pem:  
                                                                                                                  

update [--prefer-source] [--prefer-dist] [--dry-run] [--dev] [--no-dev] [--lock] [--no-custom-installers] [--no-autoloader] [--no-scripts] [--no-progress] [--no-suggest] [--with-dependencies] [--with-all-d
ependencies] [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] [-a|--classmap-authoritative] [--apcu-autoloader] [--ignore-platform-reqs] [--prefer-stable] [--prefer-lowest] [-i|--interactive] [--root-reqs]
 [--] [<packages>]...

Running php composer.phar update as root is an undesirable concept and the daemon user tends to have no shell so can't run it as that either.

Perhaps you could find an cleverer way of dealing with the issue ? e.g. perhaps using the semi-volatile /tmp storage area instead of a composer vendor sub-dir ?

I need to be able to use certainty with Guzzle 7 as one of the dependencies on a project requires Guzzle 7. This pull request allows installing either Guzzle 6 or Guzzle 7. Tested with Guzzle 7.

This is a cool project. There are many times where servers use custom CAs or self-signed certs, such as Active Directory (LDAP). It would be really nice if this would allow plugging in those certs in some easy way.

This commit modified cacert-2022-07-19.pem which now shows the downloaded file as being bad. Is there a way to get certainty to download the file again during the composer update process?

diff --git a/data/ca-certs.json b/data/ca-certs.json
index 55d28060..fea53804 100644
--- a/data/ca-certs.json
+++ b/data/ca-certs.json
@@ -1,226 +1,235 @@
 [
-  {
-    "chronicle": "MsAFf8qPoG0CIgOPWKSc7Gm2yW3yWw1noeQloIY3fe0=",
-    "date": "2022-04-26",
-    "file": "cacert-2022-04-26.pem",
-    "sha256": "08df40e8f528ed283b0e480ba4bcdbfdd2fdcf695a7ada1668243072d80f8b6f",
-    "signature": "0022b6276c1353367bc63100527f6f1e6b5e3195ae09d2a7b9f16a510fa74fcb0a3338edae05ab5ba6a6604d48262f5846daf8a835deac968c2f5702c66c3f09",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "i7AOI54CY6k4gkCg8JwQTncHgPlQK1AJFJfwVJRoUWg=",
-    "date": "2022-03-18",
-    "file": "cacert-2022-03-18.pem",
-    "sha256": "2d0575e481482551a6a4f9152e7d2ab4bafaeaee5f2606edb829c2fdb3713336",
-    "signature": "80039a6fc03173635138cd128bde1884eab3265c8202a3fa3bfff63eba04203200cc7289d8c89fbb12a54769098680ef128532b893a738467064f15674b34e05",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "UBTl8kOHJQaIySGaOcj1pgj1riLzEL-slR5jnQKk0hQ=",
-    "date": "2022-02-01",
-    "file": "cacert-2022-02-01.pem",
-    "sha256": "1d9195b76d2ea25c2b5ae9bee52d05075244d78fcd9c58ee0b6fac47d395a5eb",
-    "signature": "0cec2588e826f19373b08cb72193d1e285d5523c4644d7592e71cc5645905c8f0a4400a02ae0faa7fb22b3295c6e86dbae4080f29ed2d7af2bb9a36daa87eb05",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "qPtAFNW4gxaw7p5dzlU2dlpaFfcIKrYypHYq-wv4z3U=",
-    "date": "2021-10-26",
-    "file": "cacert-2021-10-26.pem",
-    "sha256": "ae31ecb3c6e9ff3154cb7a55f017090448f88482f0e94ac927c0c67a1f33b9cf",
-    "signature": "21bdd9871f8bcae2f354c4c09ae4a03e0a29e973c33a1d4607bf07e6b9b55cb2973c08cef3bcda5b064ba1971aed8e0399292bb823a7b2cfe0e6505e07b0120c",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "qi_kK3qGdkbz5DnY9WssEUycqGWlR1qZV_pzRK8jTNg=",
-    "date": "2021-09-30",
-    "file": "cacert-2021-09-30.pem",
-    "sha256": "f524fc21859b776e18df01a87880efa198112214e13494275dbcbd9bcb71d976",
-    "signature": "ada589b1bb75ee867bee6ad3ff7af5c70b0dcdcd9370aac25791018d615642457c1aa97a1ed6245f8618d970c64e0d6211befed168137aaf89ee9c5369a2070d",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "HwWisDykcIRkFMYVxvTkcpmNQapX0bTtkgWAZYhfHoo=",
-    "date": "2021-07-05",
-    "file": "cacert-2021-07-05.pem",
-    "sha256": "a3b534269c6974631db35f952e8d7c7dbf3d81ab329a232df575c2661de1214a",
-    "signature": "f1d5bfba84a875440495647fbb172b7cd690835cea1257ccfc588182f788c302cbcb765cf28b37331afb6a1b59766a23c39b57930ab53516f698b01ce24f7e0e",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "lX11jIxsfv5zRRn101HwYvme0dlsjDsbQGCq3X2hbEk=",
-    "date": "2021-05-25",
-    "file": "cacert-2021-05-25.pem",
-    "sha256": "3a32ad57e7f5556e36ede625b854057ac51f996d59e0952c207040077cbe48a9",
-    "signature": "902eca7e6c2985e17a69d3dbbff0b62bef26261b27372e0674685a52cd19044ec2094286474a8f2d6c24236e97390174558b60869b63c0041d9c1668790e1308",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "b-9qXkNR-mM_zU3Jy-WfgWIEZ2cYeKwrnoa1vrFkH6o=",
-    "date": "2021-04-13",
-    "file": "cacert-2021-04-13.pem",
-    "sha256": "533610ad2b004c1622a40622f86ced5e89762e1c0e4b3ae08b31b240d863e91f",
-    "signature": "6f9e9b320cdd771b41556deea796f817eb4eff93d72d023d857dfb51c9b03490417a456d39dfdfb4e947ceb412d344c87a6ec31fc5ce820da37ce3233992ff0e",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "g0XRUTaOBRgYdWNVCfAtSukBAOcDwpYILu1zWBRS1CM=",
-    "date": "2021-01-19",
-    "file": "cacert-2021-01-19.pem",
-    "sha256": "e010c0c071a2c79a76aa3c289dc7e4ac4ed38492bfda06d766a80b707ebd2f29",
-    "signature": "c5057562dd4610ea5a2fae7db283a6d10b80802f62da164885dd99abe95621e6ba90ee341b5e472b7d243607431ffa0a4750cbd9bc06ff5a001ef1b3eaef4a09",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "527Ync4-R9x1vU0zRjb0HegpaEm0PG7CdniSF_v1Kps=",
-    "date": "2020-12-08",
-    "file": "cacert-2020-12-08.pem",
-    "sha256": "313d562594ebd07846ad6b840dd18993f22e0f8b3f275d9aacfae118f4f00fb7",
-    "signature": "5cbaeb63be8978a6a0340d70bdc97a8f6dff181bbdd6db5bef03bbc3a1c9fa0daa8b1e9410021bf62bc52478743477c76502a3cef1103a8bd9c9e5c9b4017907",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "ODYFGSzD1oJ2sqqXs_XvtUW1pjoraYGcJtWlJnvn9eo=",
-    "date": "2020-10-14",
-    "file": "cacert-2020-10-14.pem",
-    "sha256": "bb28d145ed1a4ee67253d8ddb11268069c9dafe3db25a9eee654974c4e43eee5",
-    "signature": "87bb0a9756dfd5877d4340a4a069d8909da3fdeb8a6015819dfd870e30c76ba8a2fbd3828eec408b744d645a751042e16905e7a36607e6bb526a687b41ed3306",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "_GX0WG0O7NIuXh_xMO_MGjTZz6wEUE4VKWYPWvc0DEM=",
-    "date": "2020-07-22",
-    "file": "cacert-2020-07-22.pem",
-    "sha256": "2782f0f8e89c786f40240fc1916677be660fb8d8e25dede50c9f6f7b0c2c2178",
-    "signature": "0a9c70bd5837fa8ebc13038e9c1d7bae2c771984dcc1e3d69b15ef7d9efbc1e0aa459fd856895116c184d61c6232f5a2f0f6304852c98fba41db728f7efd2308",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "Q55vLfKV5CwScvCtHfgHh6ZA7Yznt0KTuwXZXNPMNKw=",
-    "date": "2020-06-24",
-    "file": "cacert-2020-06-24.pem",
-    "sha256": "726889705b00f736200ed7999f7a50021b8735d53228d679c4e6665aa3b44987",
-    "signature": "deb7deb691a637d40e727043365779f66cc3672f421a9097604916880a2b7b456b31d55c76b8f17afa41ac01b0645c5e3e6d7654196b4d9c92686e086162c30c",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "wCG8YrvbmDm9gefwmjB4eAjlRJiHxKVAcsiuoGLIqik=",
-    "date": "2020-01-01",
-    "file": "cacert-2020-01-01.pem",
-    "sha256": "adf770dfd574a0d6026bfaa270cb6879b063957177a991d453ff1d302c02081f",
-    "signature": "e0f50aa86e2977f37ec4c5dba72dd1aaea87389c439d701709d0fbe3351d59225da33b601e1c0789c8b6c1418f3c337daca24f63f17565e46bf3b2873928d20e",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "it79kHqPiO9miqIkDLuWEN8O4fCSiP3gMdCp9pVKV2I=",
-    "date": "2019-11-27",
-    "file": "cacert-2019-11-27.pem",
-    "sha256": "0d98a1a961aab523c9dc547e315e1d79e887dea575426ff03567e455fc0b66b4",
-    "signature": "74b8a1435f10bed11c57ef2a8e8ff79011fc5eda9b5686a2b2d0b18ae191f4b3a99de96993fb441679ab479120685e420a86aac5d83f445422fc57765cc20c00",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "qRzI9Hpck8sbbRi4I0-8TNkEl8Y8DD0myOpN6gWlAwU=",
-    "date": "2019-10-16",
-    "file": "cacert-2019-10-16.pem",
-    "sha256": "5cd8052fcf548ba7e08899d8458a32942bf70450c9af67a0850b4c711804a2e4",
-    "signature": "3867e0681ee141d285fc59b252e8f0fae52c0d7748db83eb7b1f2ed0fc94c901484bcccf6e91c9d59c9d0f2f4835c315c1a22ccbafa08db20e36a5c7db68190c",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "PW9pdgWmCjmswCmDLzJY51ENVdBRcZcJiUwKHBfQc2k=",
-    "date": "2019-08-28",
-    "file": "cacert-2019-08-28.pem",
-    "sha256": "38b6230aa4bee062cd34ee0ff6da173250899642b1937fc130896290b6bd91e3",
-    "signature": "4bd4fae2644726f4f9298b5d9399430c18db88d8f72ea6cdc89429dd43daf5032fb632912697643549938277a7b5235c3353da1b79ff14da3333aef16acfdd03",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "WQG3tH3CiLHg_upN0ABhKiYWOGwH3n9l4pM04bXwG54=",
-    "date": "2019-05-15",
-    "file": "cacert-2019-05-15.pem",
-    "sha256": "cb2eca3fbfa232c9e3874e3852d43b33589f27face98eef10242a853d83a437a",
-    "signature": "d368533011b7e9eb09d1cc3a78faef70adcd1188aaee7a47698e0783339275b9b506a982c98dee119969c599581275f76733e0c2f96380405faed1d8678a0302",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "ZUzngWCbx2xWxJnqnqDLtbOxFNqA6zztMt-tmYPYdoc=",
-    "date": "2019-01-23",
-    "file": "cacert-2019-01-23.pem",
-    "sha256": "c1fd9b235896b1094ee97bfb7e042f93530b5e300781f59b45edf84ee8c75000",
-    "signature": "28d301881a3920c84bb59e61ae1ead38f38657da8bd727b4a3204e3e0455a310bd706848d701b7132a1b4f5634b13b1ecd6df4630cff47b3aa2c9989de2ec902",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "5PQ6rLnMQyLLRGX_eC5TiwajK50yQm2DMpCYE1i7C3M=",
-    "date": "2018-12-05",
-    "file": "cacert-2018-12-05.pem",
-    "sha256": "4d89992b90f3e177ab1d895c00e8cded6c9009bec9d56981ff4f0a59e9cc56d6",
-    "signature": "950d49617edd8b4efd0096a3f487c9072f41a199b87951418d1a9850e0b6a579ebb8e71c35f25fb0ca0a5cbfe947146c2c2bc94007e5baf4eeb6b38f1185af03",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "geBD0phpZn7JONi35qOvpjOj1y1JfpezXVOXfOUIlxg=",
-    "date": "2018-10-17",
-    "file": "cacert-2018-10-17.pem",
-    "sha256": "86695b1be9225c3cf882d283f05c944e3aabbc1df6428a4424269a93e997dc65",
-    "signature": "d6fc0fb3d21356651d1e76c3e4fff862fcbaae21e4fd8011a34926365b0a45d35c3a57e631b9767df234018f91acff66ac4c60669f9efdcd6d9d74072285710a",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "EBF8N4OMJRr_GnDrP0A27d7hTF0Tbf2FMfgR2Wl7Uy0=",
-    "date": "2018-06-20",
-    "file": "cacert-2018-06-20.pem",
-    "sha256": "238823cd92d3bcdd67c1c278536d6c282dd6b526ee6ee97efbf00ef31d8c5d79",
-    "signature": "fd37524d4635ca88cf0ddf0493f6eec7ba0981b291aaac63b25a21a77721fadcda9ce4f9316f7f13b94e2869df55d4f1c07901bb8b84484bee6d10cadb33a104",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "Jmto9HgxYETn-1JA6YVjDEs7OyjY_bffb2kfy-AGM2E=",
-    "date": "2018-03-07",
-    "file": "cacert-2018-03-07.pem",
-    "sha256": "79ea479e9f329de7075c40154c591b51eb056d458bc4dff76d9a4b9c6c4f6d0b",
-    "signature": "06dc96f0bc32ee82eb7611ac7fe0bfa646fd4139a65fe7999a404377e4b4a3272f74c509c1cbb1a6f509c8c7d438e79e95982b1f992c7fc6071d99e6f103680c",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "HuICLQCF_DWnQGbosC6fK8PuifQgIrRi2WYshB2erZY=",
-    "date": "2018-01-17",
-    "file": "cacert-2018-01-17.pem",
-    "sha256": "defe310a0184a12e4b1b3d147f1d77395dd7a09e3428373d019bef5d542ceba3",
-    "signature": "de2bb6e94f46c13eb52d8cd561d456367f0abe1ed0799eb9347ad2047c1d6bacebf275d42b4c5188231d76fcc5904e483c4bef0d41ca791448b23269b1b67d05",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "pTmauXUmQrr2BN8uJX3mCKk0GSokHl61qHUrXsUFziE=",
-    "date": "2017-09-20",
-    "file": "cacert-2017-09-20.pem",
-    "sha256": "435ac8e816f5c10eaaf228d618445811c16a5e842e461cb087642b6265a36856",
-    "signature": "9007f7f0411d6d1f1f5136b247375e614a24216e4fc6c9d6d12642f986f3d45cea3daa2a19705579845a37488ce679f78a1b890d24da6157a2e9894d351fa70a",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "tUgevWspRLIznoIx0G6XRMucU4XJSBV3qYZEPWovZV8=",
-    "date": "2017-06-07",
-    "file": "cacert-2017-06-07.pem",
-    "sha256": "e78c8ab7b4432bd466e64bb942d988f6c0ac91cd785017e465bdc96d42fe9dd0",
-    "signature": "ed1fc6af6827cac04da6caf40deffeadc2a19feba5281d7cf92d1563ad9af49b8d25bf459e5d5acec0fe723394f88f240d4b716e52f3835f9ab3caa3cc85380e",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "vkGXMsFKfLlQBh3uYUQbLFdXKgQe5huy-pZZ-9cIDJ4=",
-    "date": "2017-01-18",
-    "file": "cacert-2017-01-18.pem",
-    "sha256": "e62a07e61e5870effa81b430e1900778943c228bd7da1259dd6a955ee2262b47",
-    "signature": "0f217f29c9711cd74ed60f0f6da886c166969945546a6e75e6fa8cf5ea87387f5fce1e1ced71af46095d2dd411a3676ec1aa40927cc0d47a91adaeef965b240b",
-    "trust-channel": "Mozilla"
-  },
-  {
-    "chronicle": "5dmkHGPHwnIOawjmnrbXBIXap92GqF2aDraASC12AVM=",
-    "date": "2016-11-02",
-    "file": "cacert-2016-11-02.pem",
-    "sha256": "cc7c9e2d259e20b72634371b146faec98df150d18dd9da9ad6ef0b2deac2a9d3",
-    "signature": "59687e4a471591fd09f2e9d84a595fd37618eadf0c4a3eef56feaca10100a175da520dbd068473189af3775ca91e1f48eb55155accb9d5c6137d25b6a9e93103",
-    "trust-channel": "Mozilla"
-  }
-]
+    {
+        "chronicle": "_4hP4cmNQ-z9feUaS_u48IagHWgNqOMlormPhk4b968=",
+        "date": "2022-07-19",
+        "file": "cacert-2022-07-19.pem",
+        "sha256": "6ed95025fba2aef0ce7b647607225745624497f876d74ef6ec22b26e73e9de77",
+        "signature": "0022b6276c1353367bc63100527f6f1e6b5e3195ae09d2a7b9f16a510fa74fcb0a3338edae05ab5ba6a6604d48262f5846daf8a835deac968c2f5702c66c3f09",
+        "trust-channel": "Mozilla",
+        "bad-bundle": "Marked bad on 2022-07-19T14:13:38+00:00 for reason: SHA256 mismatch"
+    },
+    {
+        "chronicle": "MsAFf8qPoG0CIgOPWKSc7Gm2yW3yWw1noeQloIY3fe0=",
+        "date": "2022-04-26",
+        "file": "cacert-2022-04-26.pem",
+        "sha256": "08df40e8f528ed283b0e480ba4bcdbfdd2fdcf695a7ada1668243072d80f8b6f",
+        "signature": "0022b6276c1353367bc63100527f6f1e6b5e3195ae09d2a7b9f16a510fa74fcb0a3338edae05ab5ba6a6604d48262f5846daf8a835deac968c2f5702c66c3f09",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "i7AOI54CY6k4gkCg8JwQTncHgPlQK1AJFJfwVJRoUWg=",
+        "date": "2022-03-18",
+        "file": "cacert-2022-03-18.pem",
+        "sha256": "2d0575e481482551a6a4f9152e7d2ab4bafaeaee5f2606edb829c2fdb3713336",
+        "signature": "80039a6fc03173635138cd128bde1884eab3265c8202a3fa3bfff63eba04203200cc7289d8c89fbb12a54769098680ef128532b893a738467064f15674b34e05",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "UBTl8kOHJQaIySGaOcj1pgj1riLzEL-slR5jnQKk0hQ=",
+        "date": "2022-02-01",
+        "file": "cacert-2022-02-01.pem",
+        "sha256": "1d9195b76d2ea25c2b5ae9bee52d05075244d78fcd9c58ee0b6fac47d395a5eb",
+        "signature": "0cec2588e826f19373b08cb72193d1e285d5523c4644d7592e71cc5645905c8f0a4400a02ae0faa7fb22b3295c6e86dbae4080f29ed2d7af2bb9a36daa87eb05",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "qPtAFNW4gxaw7p5dzlU2dlpaFfcIKrYypHYq-wv4z3U=",
+        "date": "2021-10-26",
+        "file": "cacert-2021-10-26.pem",
+        "sha256": "ae31ecb3c6e9ff3154cb7a55f017090448f88482f0e94ac927c0c67a1f33b9cf",
+        "signature": "21bdd9871f8bcae2f354c4c09ae4a03e0a29e973c33a1d4607bf07e6b9b55cb2973c08cef3bcda5b064ba1971aed8e0399292bb823a7b2cfe0e6505e07b0120c",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "qi_kK3qGdkbz5DnY9WssEUycqGWlR1qZV_pzRK8jTNg=",
+        "date": "2021-09-30",
+        "file": "cacert-2021-09-30.pem",
+        "sha256": "f524fc21859b776e18df01a87880efa198112214e13494275dbcbd9bcb71d976",
+        "signature": "ada589b1bb75ee867bee6ad3ff7af5c70b0dcdcd9370aac25791018d615642457c1aa97a1ed6245f8618d970c64e0d6211befed168137aaf89ee9c5369a2070d",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "HwWisDykcIRkFMYVxvTkcpmNQapX0bTtkgWAZYhfHoo=",
+        "date": "2021-07-05",
+        "file": "cacert-2021-07-05.pem",
+        "sha256": "a3b534269c6974631db35f952e8d7c7dbf3d81ab329a232df575c2661de1214a",
+        "signature": "f1d5bfba84a875440495647fbb172b7cd690835cea1257ccfc588182f788c302cbcb765cf28b37331afb6a1b59766a23c39b57930ab53516f698b01ce24f7e0e",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "lX11jIxsfv5zRRn101HwYvme0dlsjDsbQGCq3X2hbEk=",
+        "date": "2021-05-25",
+        "file": "cacert-2021-05-25.pem",
+        "sha256": "3a32ad57e7f5556e36ede625b854057ac51f996d59e0952c207040077cbe48a9",
+        "signature": "902eca7e6c2985e17a69d3dbbff0b62bef26261b27372e0674685a52cd19044ec2094286474a8f2d6c24236e97390174558b60869b63c0041d9c1668790e1308",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "b-9qXkNR-mM_zU3Jy-WfgWIEZ2cYeKwrnoa1vrFkH6o=",
+        "date": "2021-04-13",
+        "file": "cacert-2021-04-13.pem",
+        "sha256": "533610ad2b004c1622a40622f86ced5e89762e1c0e4b3ae08b31b240d863e91f",
+        "signature": "6f9e9b320cdd771b41556deea796f817eb4eff93d72d023d857dfb51c9b03490417a456d39dfdfb4e947ceb412d344c87a6ec31fc5ce820da37ce3233992ff0e",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "g0XRUTaOBRgYdWNVCfAtSukBAOcDwpYILu1zWBRS1CM=",
+        "date": "2021-01-19",
+        "file": "cacert-2021-01-19.pem",
+        "sha256": "e010c0c071a2c79a76aa3c289dc7e4ac4ed38492bfda06d766a80b707ebd2f29",
+        "signature": "c5057562dd4610ea5a2fae7db283a6d10b80802f62da164885dd99abe95621e6ba90ee341b5e472b7d243607431ffa0a4750cbd9bc06ff5a001ef1b3eaef4a09",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "527Ync4-R9x1vU0zRjb0HegpaEm0PG7CdniSF_v1Kps=",
+        "date": "2020-12-08",
+        "file": "cacert-2020-12-08.pem",
+        "sha256": "313d562594ebd07846ad6b840dd18993f22e0f8b3f275d9aacfae118f4f00fb7",
+        "signature": "5cbaeb63be8978a6a0340d70bdc97a8f6dff181bbdd6db5bef03bbc3a1c9fa0daa8b1e9410021bf62bc52478743477c76502a3cef1103a8bd9c9e5c9b4017907",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "ODYFGSzD1oJ2sqqXs_XvtUW1pjoraYGcJtWlJnvn9eo=",
+        "date": "2020-10-14",
+        "file": "cacert-2020-10-14.pem",
+        "sha256": "bb28d145ed1a4ee67253d8ddb11268069c9dafe3db25a9eee654974c4e43eee5",
+        "signature": "87bb0a9756dfd5877d4340a4a069d8909da3fdeb8a6015819dfd870e30c76ba8a2fbd3828eec408b744d645a751042e16905e7a36607e6bb526a687b41ed3306",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "_GX0WG0O7NIuXh_xMO_MGjTZz6wEUE4VKWYPWvc0DEM=",
+        "date": "2020-07-22",
+        "file": "cacert-2020-07-22.pem",
+        "sha256": "2782f0f8e89c786f40240fc1916677be660fb8d8e25dede50c9f6f7b0c2c2178",
+        "signature": "0a9c70bd5837fa8ebc13038e9c1d7bae2c771984dcc1e3d69b15ef7d9efbc1e0aa459fd856895116c184d61c6232f5a2f0f6304852c98fba41db728f7efd2308",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "Q55vLfKV5CwScvCtHfgHh6ZA7Yznt0KTuwXZXNPMNKw=",
+        "date": "2020-06-24",
+        "file": "cacert-2020-06-24.pem",
+        "sha256": "726889705b00f736200ed7999f7a50021b8735d53228d679c4e6665aa3b44987",
+        "signature": "deb7deb691a637d40e727043365779f66cc3672f421a9097604916880a2b7b456b31d55c76b8f17afa41ac01b0645c5e3e6d7654196b4d9c92686e086162c30c",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "wCG8YrvbmDm9gefwmjB4eAjlRJiHxKVAcsiuoGLIqik=",
+        "date": "2020-01-01",
+        "file": "cacert-2020-01-01.pem",
+        "sha256": "adf770dfd574a0d6026bfaa270cb6879b063957177a991d453ff1d302c02081f",
+        "signature": "e0f50aa86e2977f37ec4c5dba72dd1aaea87389c439d701709d0fbe3351d59225da33b601e1c0789c8b6c1418f3c337daca24f63f17565e46bf3b2873928d20e",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "it79kHqPiO9miqIkDLuWEN8O4fCSiP3gMdCp9pVKV2I=",
+        "date": "2019-11-27",
+        "file": "cacert-2019-11-27.pem",
+        "sha256": "0d98a1a961aab523c9dc547e315e1d79e887dea575426ff03567e455fc0b66b4",
+        "signature": "74b8a1435f10bed11c57ef2a8e8ff79011fc5eda9b5686a2b2d0b18ae191f4b3a99de96993fb441679ab479120685e420a86aac5d83f445422fc57765cc20c00",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "qRzI9Hpck8sbbRi4I0-8TNkEl8Y8DD0myOpN6gWlAwU=",
+        "date": "2019-10-16",
+        "file": "cacert-2019-10-16.pem",
+        "sha256": "5cd8052fcf548ba7e08899d8458a32942bf70450c9af67a0850b4c711804a2e4",
+        "signature": "3867e0681ee141d285fc59b252e8f0fae52c0d7748db83eb7b1f2ed0fc94c901484bcccf6e91c9d59c9d0f2f4835c315c1a22ccbafa08db20e36a5c7db68190c",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "PW9pdgWmCjmswCmDLzJY51ENVdBRcZcJiUwKHBfQc2k=",
+        "date": "2019-08-28",
+        "file": "cacert-2019-08-28.pem",
+        "sha256": "38b6230aa4bee062cd34ee0ff6da173250899642b1937fc130896290b6bd91e3",
+        "signature": "4bd4fae2644726f4f9298b5d9399430c18db88d8f72ea6cdc89429dd43daf5032fb632912697643549938277a7b5235c3353da1b79ff14da3333aef16acfdd03",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "WQG3tH3CiLHg_upN0ABhKiYWOGwH3n9l4pM04bXwG54=",
+        "date": "2019-05-15",
+        "file": "cacert-2019-05-15.pem",
+        "sha256": "cb2eca3fbfa232c9e3874e3852d43b33589f27face98eef10242a853d83a437a",
+        "signature": "d368533011b7e9eb09d1cc3a78faef70adcd1188aaee7a47698e0783339275b9b506a982c98dee119969c599581275f76733e0c2f96380405faed1d8678a0302",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "ZUzngWCbx2xWxJnqnqDLtbOxFNqA6zztMt-tmYPYdoc=",
+        "date": "2019-01-23",
+        "file": "cacert-2019-01-23.pem",
+        "sha256": "c1fd9b235896b1094ee97bfb7e042f93530b5e300781f59b45edf84ee8c75000",
+        "signature": "28d301881a3920c84bb59e61ae1ead38f38657da8bd727b4a3204e3e0455a310bd706848d701b7132a1b4f5634b13b1ecd6df4630cff47b3aa2c9989de2ec902",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "5PQ6rLnMQyLLRGX_eC5TiwajK50yQm2DMpCYE1i7C3M=",
+        "date": "2018-12-05",
+        "file": "cacert-2018-12-05.pem",
+        "sha256": "4d89992b90f3e177ab1d895c00e8cded6c9009bec9d56981ff4f0a59e9cc56d6",
+        "signature": "950d49617edd8b4efd0096a3f487c9072f41a199b87951418d1a9850e0b6a579ebb8e71c35f25fb0ca0a5cbfe947146c2c2bc94007e5baf4eeb6b38f1185af03",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "geBD0phpZn7JONi35qOvpjOj1y1JfpezXVOXfOUIlxg=",
+        "date": "2018-10-17",
+        "file": "cacert-2018-10-17.pem",
+        "sha256": "86695b1be9225c3cf882d283f05c944e3aabbc1df6428a4424269a93e997dc65",
+        "signature": "d6fc0fb3d21356651d1e76c3e4fff862fcbaae21e4fd8011a34926365b0a45d35c3a57e631b9767df234018f91acff66ac4c60669f9efdcd6d9d74072285710a",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "EBF8N4OMJRr_GnDrP0A27d7hTF0Tbf2FMfgR2Wl7Uy0=",
+        "date": "2018-06-20",
+        "file": "cacert-2018-06-20.pem",
+        "sha256": "238823cd92d3bcdd67c1c278536d6c282dd6b526ee6ee97efbf00ef31d8c5d79",
+        "signature": "fd37524d4635ca88cf0ddf0493f6eec7ba0981b291aaac63b25a21a77721fadcda9ce4f9316f7f13b94e2869df55d4f1c07901bb8b84484bee6d10cadb33a104",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "Jmto9HgxYETn-1JA6YVjDEs7OyjY_bffb2kfy-AGM2E=",
+        "date": "2018-03-07",
+        "file": "cacert-2018-03-07.pem",
+        "sha256": "79ea479e9f329de7075c40154c591b51eb056d458bc4dff76d9a4b9c6c4f6d0b",
+        "signature": "06dc96f0bc32ee82eb7611ac7fe0bfa646fd4139a65fe7999a404377e4b4a3272f74c509c1cbb1a6f509c8c7d438e79e95982b1f992c7fc6071d99e6f103680c",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "HuICLQCF_DWnQGbosC6fK8PuifQgIrRi2WYshB2erZY=",
+        "date": "2018-01-17",
+        "file": "cacert-2018-01-17.pem",
+        "sha256": "defe310a0184a12e4b1b3d147f1d77395dd7a09e3428373d019bef5d542ceba3",
+        "signature": "de2bb6e94f46c13eb52d8cd561d456367f0abe1ed0799eb9347ad2047c1d6bacebf275d42b4c5188231d76fcc5904e483c4bef0d41ca791448b23269b1b67d05",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "pTmauXUmQrr2BN8uJX3mCKk0GSokHl61qHUrXsUFziE=",
+        "date": "2017-09-20",
+        "file": "cacert-2017-09-20.pem",
+        "sha256": "435ac8e816f5c10eaaf228d618445811c16a5e842e461cb087642b6265a36856",
+        "signature": "9007f7f0411d6d1f1f5136b247375e614a24216e4fc6c9d6d12642f986f3d45cea3daa2a19705579845a37488ce679f78a1b890d24da6157a2e9894d351fa70a",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "tUgevWspRLIznoIx0G6XRMucU4XJSBV3qYZEPWovZV8=",
+        "date": "2017-06-07",
+        "file": "cacert-2017-06-07.pem",
+        "sha256": "e78c8ab7b4432bd466e64bb942d988f6c0ac91cd785017e465bdc96d42fe9dd0",
+        "signature": "ed1fc6af6827cac04da6caf40deffeadc2a19feba5281d7cf92d1563ad9af49b8d25bf459e5d5acec0fe723394f88f240d4b716e52f3835f9ab3caa3cc85380e",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "vkGXMsFKfLlQBh3uYUQbLFdXKgQe5huy-pZZ-9cIDJ4=",
+        "date": "2017-01-18",
+        "file": "cacert-2017-01-18.pem",
+        "sha256": "e62a07e61e5870effa81b430e1900778943c228bd7da1259dd6a955ee2262b47",
+        "signature": "0f217f29c9711cd74ed60f0f6da886c166969945546a6e75e6fa8cf5ea87387f5fce1e1ced71af46095d2dd411a3676ec1aa40927cc0d47a91adaeef965b240b",
+        "trust-channel": "Mozilla"
+    },
+    {
+        "chronicle": "5dmkHGPHwnIOawjmnrbXBIXap92GqF2aDraASC12AVM=",
+        "date": "2016-11-02",
+        "file": "cacert-2016-11-02.pem",
+        "sha256": "cc7c9e2d259e20b72634371b146faec98df150d18dd9da9ad6ef0b2deac2a9d3",
+        "signature": "59687e4a471591fd09f2e9d84a595fd37618eadf0c4a3eef56feaca10100a175da520dbd068473189af3775ca91e1f48eb55155accb9d5c6137d25b6a9e93103",
+        "trust-channel": "Mozilla"
+    }
+]

(PHP 7.2.4)

I'm sure this is on your radar, but just incase....

PHP Warning: A non-numeric value encountered in vendor/paragonie/certainty/src/Certainty.php on line 33 PHP message: PHP Warning: Use of undefined constant CURL_SSLVERSION_TLSv1_2 - assumed 'CURL_SSLVERSION_TLSv1_2' (this will throw an Error in a future version of PHP) in vendor/paragonie/certainty/src/Certainty.php on line 33

Situation: I have found a CURLOPT_SSL_VERIFYPEER => false in some code that runs in production on a remote Windows machine. It's an epic PITA to update / test the final environment, so I'd like to be reasonably sure the requirements are met before I ask our team to fix it.

I would assume this works, but on the other hand, documentation does mention symlinks with no caveats. (I've looked at the README, the main docs, and the RemoteFetch docs.)

Just do minor / bugfix releases on updates. This will make it usable as dependency for libraries instead of projects only without a need for minimum-stability: dev.

PHP 7.1.17 Windows 8

Fatal error: Uncaught GuzzleHttp\Exception\RequestException: cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html) in C:\testProject\vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php on line 186

GuzzleHttp\Exception\RequestException: cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html) in C:\testProject\vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php on line 186

Call Stack:
    0.0004     352072   1. {main}() C:\testProject\temp\testCertainty.php:0
    0.0618    2258456   2. ParagonIE\Certainty\RemoteFetch->getLatestBundle() C:\testProject\temp\testCertainty.php:7
    0.0618    2258456   3. ParagonIE\Certainty\RemoteFetch->listBundles() C:\testProject\vendor\paragonie\certainty\src\Fetch.php:64
    0.0619    2258456   4. ParagonIE\Certainty\RemoteFetch->remoteFetchBundles() C:\testProject\vendor\paragonie\certainty\src\RemoteFetch.php:113
    0.0619    2258568   5. GuzzleHttp\Client->get() C:\testProject\vendor\paragonie\certainty\src\RemoteFetch.php:128
    0.0619    2258840   6. GuzzleHttp\Client->__call() C:\testProject\vendor\paragonie\certainty\src\RemoteFetch.php:128
    0.0619    2258840   7. GuzzleHttp\Client->request() C:\testProject\vendor\guzzlehttp\guzzle\src\Client.php:89
    0.9388    2579872   8. GuzzleHttp\Promise\RejectedPromise->wait() C:\testProject\vendor\guzzlehttp\guzzle\src\Client.php:131

This is not exactly a significant difference:

diff --git a/cacert-2022-03-18.pem b/cacert-2022-03-29.pem
index e91e25f..5dbd0af 100644
--- a/cacert-2022-03-18.pem
+++ b/cacert-2022-03-29.pem
@@ -1,7 +1,7 @@
 ##
 ## Bundle of CA Root Certificates
 ##
-## Certificate data from Mozilla as of: Fri Mar 18 12:29:51 2022 GMT
+## Certificate data from Mozilla as of: Tue Mar 29 03:12:05 2022 GMT
 ##
 ## This is a bundle of X.509 certificates of public Certificate Authorities
 ## (CA). These were automatically extracted from Mozilla's root certificates
@@ -14,7 +14,7 @@
 ## Just configure this file as the SSLCACertificateFile.
 ##
 ## Conversion done with mk-ca-bundle.pl version 1.29.
-## SHA256: 187ef9dc231135324fe78830cf4462f1ecdeab3e6c9d5e38d623391e88dc5d3c
+## SHA256: d59c5c83ce7a7635fa95521d8d245677949b86d5574bfcc6f855b6a48f2d5566
 ##

Should we bother adding the 2022-03-29 bundle for completeness?

The default declaration of RemoteFetch always throws a FilesystemException because $dataDir is empty. I think $dataDir should be a mandatory argument or have a default value of ".". What do you think.

It occured when using https://github.com/paragonie/quill with the default $http constructor argument. I stumbled upon this when trying the example from the Quill Readme on PHP 7.2.18

Hello,

If I understand the source code correctly, if GitHub is down or there is some kind of network availability issue, RemoteFetch::remoteFetchBundles() is going to throw a TransferException from Guzzle. Do I have this right? In other words, to properly use this class, we should wrap calls to getLatestBundle() in try/catch and fall back to the Fetch class?