Download the PHP package paragonie/certainty without Composer

On this page you can find all versions of the php package paragonie/certainty. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package certainty

Certainty - CA-Cert Automation for PHP Projects

Build Status Latest Stable Version Latest Unstable Version License Downloads

Automate your PHP projects' cacert.pem management. Read the blog post introducing Certainty.

Requires PHP 5.5 or newer. Certainty should work on any operating system (including Windows), although the symlink feature may not function in Virtualbox Shared Folders.

Who is Certainty meant for?

Certainty allows your software to "just work" (which is usually the motivation for disabling certificate validation) without being vulnerable to man-in-the-middle attacks.

Motivation

Many HTTP libraries require you to specify a file path to a cacert.pem file in order to use TLS correctly. Omitting this file means either disabling certificate validation entirely (which enables trivial man-in-the-middle exploits), connection failures, or hoping that your library falls back safely to the operating system's bundle.

In short, the possible outcomes (from best to worst) are as follows:

  1. Specify a cacert file, and you get to enjoy TLS as it was intended. (Secure.)
  2. Omit a cacert file, and the OS maybe bails you out. (Uncertain.)
  3. Omit a cacert file, and it fails closed. (Connection failed. Angry customers.)
  4. Omit a cacert file, and it fails open. (Data compromised. Hurt customers. Expensive legal proceedings.)

Obviously, the first outcome is optimal. So we built Certainty to make it easier to ensure open source projects do this.

Installing Certainty

From Composer:

Certainty will keep certificates up to date via RemoteFetch, so you don't need to update Certainty library just to get fresh CA-Cert bundles. Update only for bugfixes (especially security fixes) and new features.

Non-Supported Use Case:

If you are not using RemoteFetch (which is strongly recommended that you do, and we only provide support for systems that do use RemoteFetch), then you want to use dev-master rather than a version constraint, due to the nature of CA Certificates.

If a major CA gets compromised and their certificates are revoked, you don't want to continue trusting these certificates.

Furthermore, in the event of avoiding RemoteFetch, you should be running composer update at least once per week to prevent stale CA-Cert files from causing issues.

Using Certainty

See the documentation.

What Certainty Does

Certainty maintains a repository of all the cacert.pem files since 2017, along with a sha256sum and Ed25519 signature of each file. When you request the latest bundle, Certainty will check both these values (the latter can only be signed by a key held by Paragon Initiative Enterprises, LLC) for each entry in the JSON value, and return the latest bundle that passes validation.

The cacert.pem files contained within are reproducible from Mozilla's bundle.

How is Certainty different from composer/ca-bundle?

The key differences are:

Support Contracts

If your company uses this library in their products or services, you may be interested in purchasing a support contract from Paragon Initiative Enterprises.


All versions of certainty with dependencies

PHP Build Version
Package Version
Requires php Version ^5.5|^7|^8
ext-curl Version *
ext-json Version *
guzzlehttp/guzzle Version ^6|^7
paragonie/constant_time_encoding Version ^1|^2|^3
paragonie/sodium_compat Version ^1|^2
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package paragonie/certainty contains the following files

Loading the files please wait ....