PHP sockets: Fix “Unable to complete TLS handshake” with mkcert local development certificates

I use DDEV-Local for my local development stack. DDEV leverages mkcert for trusted local development certificates. The mkcert tool has been a missing component in my local development stack for a long time. And, the best part, it has worked without any problems. Until this week. My coworker said that a script I wrote was not working — it kept failing saying that the remote certificate could not be validated. However, cURL had no complaints, nor did any web browser. I chalked it up as “works on my machine 🤷‍♂️.” Until today 😬.

I was working on the follow up to my blog about using ReactPHP to consume an HTTP API. I was taking the resulting data and creating entities on a Drupal site. I point the react/http client to https://drupex.ddev.site... and got an unexpected error.

Connection to drupex.ddev.site:443 failed during TLS handshake: Unable to complete TLS handshake: SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

Now, why did this work before on my other machine? I was using PHP’s built-in webserver. I wasn’t using a secure connection locally. My coworker was. Just like him, I had no issues connecting via cURL or wget or a browser.

To be safe, I ran the mkcert installer again

~ » mkcert -install…