Runtime Configuration

The behaviour of these functions is affected by settings in php.ini.

openssl Configure Options

Name	Default	Changeable	Changelog
openssl.cafile	""	INI_PERDIR
openssl.capath	""	INI_PERDIR
openssl.libctx	"custom"	INI_PERDIR

For further details and definitions of the INI_* modes, see the Where a configuration setting may be set.

Here's a short explanation of the configuration directives.

openssl.cafile string

Location of Certificate Authority file on local filesystem which should be used with the verify_peer context option to authenticate the identity of the remote peer.

openssl.capath string

If cafile is not specified or if the certificate is not found there, the directory pointed to by capath is searched for a suitable certificate. capath must be a correctly hashed certificate directory.

openssl.libctx string

Specifies the type of OpenSSL library context to use. The default value, custom, creates a separate library context for each worker or thread. This improves isolation from other libraries using OpenSSL and, in ZTS builds, increases separation between threads. It is also possible to use the default value, which causes PHP to use OpenSSL's global default library context.

See also the SSL stream context options.