PHP Manual

Runtime Configuration

The behaviour of these functions is affected by settings in php.ini.

**openssl Configure Options**
Name	Default	Changeable
openssl.cafile	""	`INI_PERDIR`
openssl.capath	""	`INI_PERDIR`
openssl.libctx	"custom"	`INI_PERDIR`

For further details and definitions of the INI_* modes, see the Where a configuration setting may be set.

Here's a short explanation of the configuration directives.

openssl.cafile string: Location of Certificate Authority file on local filesystem which should be used with the verify_peer context option to authenticate the identity of the remote peer.
openssl.capath string: If cafile is not specified or if the certificate is not found there, the directory pointed to by capath is searched for a suitable certificate. capath must be a correctly hashed certificate directory.
openssl.libctx string: Specifies the type of OpenSSL library context to use. The default value, custom, creates a separate library context for each worker or thread. This improves isolation from other libraries using OpenSSL and, in ZTS builds, increases separation between threads. It is also possible to use the default value, which causes PHP to use OpenSSL's global default library context.

See also the SSL stream context options.