{"id":13462537,"url":"https://github.com/paragonie/certainty","last_synced_at":"2025-05-16T08:00:26.136Z","repository":{"id":46752016,"uuid":"107899742","full_name":"paragonie/certainty","owner":"paragonie","description":"Automated cacert.pem management for PHP projects","archived":false,"fork":false,"pushed_at":"2024-05-08T16:08:07.000Z","size":991,"stargazers_count":263,"open_issues_count":4,"forks_count":17,"subscribers_count":12,"default_branch":"master","last_synced_at":"2025-03-18T11:38:43.062Z","etag":null,"topics":["cacert","cert-bundles","certainty","certificate","composer","pem-management","php","security","security-tools","tls","tls-certificate","tls-certificates","x509certificates"],"latest_commit_sha":null,"homepage":"https://paragonie.com/b/W-QQeh1z7ijYMXi7","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/paragonie.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-10-22T20:20:52.000Z","updated_at":"2024-11-06T22:50:01.000Z","dependencies_parsed_at":"2024-05-11T22:47:28.862Z","dependency_job_id":null,"html_url":"https://github.com/paragonie/certainty","commit_stats":{"total_commits":150,"total_committers":6,"mean_commits":25.0,"dds":"0.046666666666666634","last_synced_commit":"72868f1ca76f923907ea8f3f4b820d5662aca54c"},"previous_names":[],"tags_count":26,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paragonie%2Fcertainty","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paragonie%2Fcertainty/tags","rele
ases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paragonie%2Fcertainty/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paragonie%2Fcertainty/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/paragonie","download_url":"https://codeload.github.com/paragonie/certainty/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244666584,"owners_count":20490287,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cacert","cert-bundles","certainty","certificate","composer","pem-management","php","security","security-tools","tls","tls-certificate","tls-certificates","x509certificates"],"created_at":"2024-07-31T12:00:51.223Z","updated_at":"2025-03-25T13:06:53.683Z","avatar_url":"https://github.com/paragonie.png","language":"PHP","funding_links":[],"categories":["Uncategorized","PHP"],"sub_categories":["Uncategorized"],"readme":"# Certainty - CA-Cert Automation for PHP Projects\n\n[![Build Status](https://github.com/paragonie/certainty/actions/workflows/ci.yml/badge.svg)](https://github.com/paragonie/certainty/actions)\n[![Latest Stable Version](https://poser.pugx.org/paragonie/certainty/v/stable)](https://packagist.org/packages/paragonie/certainty)\n[![Latest Unstable 
Version](https://poser.pugx.org/paragonie/certainty/v/unstable)](https://packagist.org/packages/paragonie/certainty)\n[![License](https://poser.pugx.org/paragonie/certainty/license)](https://packagist.org/packages/paragonie/certainty)\n[![Downloads](https://img.shields.io/packagist/dt/paragonie/certainty.svg)](https://packagist.org/packages/paragonie/certainty)\n\nAutomate your PHP projects' cacert.pem management.\n[Read the blog post introducing Certainty](https://paragonie.com/blog/2017/10/certainty-automated-cacert-pem-management-for-php-software).\n\n**Requires PHP 5.5 or newer.**\nCertainty should work on any operating system (including Windows), although the symlink\nfeature may not function in VirtualBox Shared Folders.\n\n## Who is Certainty meant for?\n\n* Open source developers with no control over where their code is deployed\n  (e.g. Magento module developers).\n* People whose code might be deployed in weird environments with CACert \n  bundles that are outdated or in unpredictable locations.\n* People who are generally forced to choose between:\n  1. Disabling certificate validation entirely, or\n  2. Increasing their support burden to deal with corner-cases where suddenly\n     HTTP requests are failing on weird systems\n\nCertainty allows your software to \"just work\" (which is usually the motivation\nfor disabling certificate validation) without being vulnerable to man-in-the-middle\nattacks.\n\n### Motivation\n\nMany HTTP libraries require you to specify a file path to a `cacert.pem` file in order to use TLS correctly.\nOmitting this file means either disabling certificate validation entirely (which enables trivial man-in-the-middle\nexploits), connection failures, or hoping that your library falls back safely to the operating system's bundle.\n\nIn short, the possible outcomes (from best to worst) are as follows:\n\n1. Specify a cacert file, and you get to enjoy TLS as it was intended. (Secure.)\n2. Omit a cacert file, and the OS maybe bails you out. 
(Uncertain.)\n3. Omit a cacert file, and it fails closed. (Connection failed. Angry customers.)\n4. Omit a cacert file, and it fails open. (Data compromised. Hurt customers. Expensive legal proceedings.)\n\nObviously, the first outcome is optimal. So we built *Certainty* to make it easier to ensure open\nsource projects do this.\n\n## Installing Certainty\n\nFrom Composer:\n\n```bash\ncomposer require paragonie/certainty:^2\n```\n\nCertainty will keep certificates up to date via `RemoteFetch`, so you don't need to update\nthe Certainty library just to get fresh CA-Cert bundles. Update only for bugfixes (especially\nsecurity fixes) and new features.\n\n### Non-Supported Use Case:\n\nIf you are not using [`RemoteFetch`](docs/features/RemoteFetch.md) (we strongly recommend\nthat you do, and we only provide support for systems that *do* use `RemoteFetch`), then you want\nto use `dev-master` rather than a version constraint, due to the nature of CA Certificates.\n\nIf a major CA gets compromised and their certificates are revoked, you don't want to continue\ntrusting these certificates.\n\nFurthermore, if you avoid `RemoteFetch`, you should run `composer update` at least\nonce per week to prevent stale CA-Cert files from causing issues.\n\n## Using Certainty\n\nSee [the documentation](docs/README.md). \n\n## What Certainty Does\n\nCertainty maintains a repository of all the `cacert.pem` files since 2017, along with a sha256sum and\nEd25519 signature of each file. 
When you request the latest bundle, Certainty will check both these\nvalues (the latter can only be signed by a key held by Paragon Initiative Enterprises, LLC) for each\nentry in the JSON value, and return the latest bundle that passes validation.\n\nThe cacert.pem files contained within are [reproducible from Mozilla's bundle](https://curl.haxx.se/docs/mk-ca-bundle.html).\n\n### How is Certainty different from composer/ca-bundle?\n\nThe key differences are:\n\n* Certainty will keep the CA-Cert bundles on your system up-to-date even if you do not\n  run `composer update`.\n* We sign our CA-Cert bundles using Ed25519, and check every update into the\n  [PHP community Chronicle](https://php-chronicle.pie-hosted.com).\n\n## Support Contracts\n\nIf your company uses this library in their products or services, you may be\ninterested in [purchasing a support contract from Paragon Initiative Enterprises](https://paragonie.com/enterprise).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fparagonie%2Fcertainty","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fparagonie%2Fcertainty","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fparagonie%2Fcertainty/lists"}