Po aktualizacji PHP do wersji 5.6 okazuje się, że od teraz inicjowane połączenia SSL są weryfikowane.

Cytując oficjalny dokument w tej sprawie:

All encrypted client streams now enable peer verification by default. 
By default, this will use OpenSSL's default CA bundle to verify the peer certificate. 
In most cases, no changes will need to be made to communicate with servers with valid 
SSL certificates, as distributors generally configure OpenSSL to use known good CA bundles.

The default CA bundle may be overridden on a global basis by setting either 
the openssl.cafile or openssl.capath configuration setting, or on a per request basis 
by using the cafile or capath context options.

While not recommended in general, it is possible to disable peer certificate verification 
for a request by setting the verify_peer context option to FALSE, and to disable peer name 
validation by setting the verify_peer_name context option to FALSE.

Instalujemy pakiet ca_root_nss:

pkg install ca_root_nss

Dopisujemy konfigurację do php.ini:

[openssl]
openssl.cafile="/usr/local/share/certs/ca-root-nss.crt"