Helper function for handling SSL Certificate errors returned from API calls.

See details for information on the SSL errors.

handle_ssl(expr)

Arguments

expr	An expression. Internally, this is the request in hsapi_request.

Details

Generally, when an SSL Certificate issue is returned from HyroShare's API, it is a result of the intermediate CA certificate not being passed to the requester. Note that, we only retrieve the intermediate CA certificate because the root certificate is still being passed to the requester by the server. This can be verified here:

https://www.ssllabs.com/ssltest/analyze.html?d=hydroshare.org

To prevent this error, this function will catch the SSL error from a test GET request and download, store, and set the CURLOPT_CAINFO cURL option.

The certificate that this function retrieves is:

GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1
Fingerprint SHA256: 8c43c5e340ec640f93ea774ac5353cca9042f764ff837f870d8b64763c458a41
Pin SHA256: n5dIU+KFaI00Y/prmvaZhqXOquF72TlPANCLxCA9HE8=
RSA 2048 bits (e 65537) / SHA256withRSA
https://www.digicert.com/kb/digicert-root-certificates.htm

The certificate chain that HydroShare uses is:

DigiCert Global Root CA
-> GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1
   -> *.hydroshare.org