[fix] Add OpenSSL ini config for PHP with custom cafile path

[subiabre]

Solution for #43, a path is set to use a custom cafile for OpenSSL.

@davidbeig can you help me put the code in place to get the file from https://curl.se/docs/caextract.html in the docker build step? Thank you!

---

• To see the specific tasks where the Asana app for GitHub is being used, see below:
  • https://app.asana.com/0/0/1209098345884093

[subiabre]

@davidbeig SSL works fine on the pipeline, maybe we can leave the custom cafile step for dev.

[davidbeig]

Hi!

I have just added the curl command to the Dockerfile, since it's in the base image it will be shared with the dev and prod envs.

What i don't get is the volumes that you are adding. Since we need the image to come with the file already in it, how's that you add it also to the docker-compose? In case we update it locally?

Could you try that the last commit works as expected?

[subiabre]

@davidbeig

There is an issue due to filenaming mismatch. PHP was instructed to use the file from /etc/ssl/ca-bundle.crt via openssl.ini config, while the Dockerfile places the downloaded file at /etc/ssl/certs/ca-certificates.crt.

Regarding on why the volumes:

• ./docker/php/ssl/ca-bundle.crt:/etc/ssl/ca-bundle.crt:ro was added so we could easily place a test .crt file at /docker/php/ssl for testing purposes.
• ./docker/php/conf.d/openssl.ini:/usr/local/etc/php/conf.d/openssl.ini:ro is added in order to config PHP and explicitly tell which certs bundle should be used for OpenSSL operations.

You can resolve the path namings as you wish. Thanks!