search

104corp / php-taiwan-bank

台灣的銀行代碼查詢 SDK for PHP
BSD 3-Clause "New" or "Revised" License
1 stars 2 forks source link

CI 測試會遇到 CA 不合法的問題 #1

Open MilesChou opened 7 years ago

MilesChou commented 7 years ago

暫時無解,但本機能測試過,可以先 pass , release 前修正即可

MilesChou commented 7 years ago

試過 sudo update-ca-certificates 也無效

測試過程可以參考 https://travis-ci.org/104corp/php-taiwan-bank/builds/282543319

minchao commented 7 years ago

CI Log:

https://travis-ci.org/104corp/php-taiwan-bank/jobs/282543321#L534

1) Corp104\Taiwan\Bank\SmokeTest::shouldBeOkayWhenSmokeTest
GuzzleHttp\Exception\RequestException: cURL error 60: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)

資料來源 bankno_text.jsp 經過 302 轉到 HTTPS 下

https://github.com/104corp/php-taiwan-bank/blob/a533374ce6adbce2a09b24db422c1a8e201fbac7/src/Bank/OpenData.php#L19

SSL 憑證簽發者是 TWCA Secure SSL Certification Authority,應該就是問題的原因

$ curl -v http://www.banking.gov.tw/ch/ap/bankno_text.jsp
*   Trying 163.29.133.23...
* TCP_NODELAY set
* Connected to www.banking.gov.tw (127.0.0.1) port 80 (#0)
> GET /ch/ap/bankno_text.jsp HTTP/1.1
> Host: www.banking.gov.tw
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 302 Object moved
< Location: https://www.banking.gov.tw/ch/ap/bankno_text.jsp
< Content-Length: 167
< Content-Type: text/html
<
* Connection #0 to host www.banking.gov.tw left intact
<head><title>Object moved</title></head><body><h1>Object Moved</h1>This object may be found <a HREF="https://www.banking.gov.tw/ch/ap/bankno_text.jsp">here</a>.</body>
minchao commented 7 years ago

在 Travis CI 上執行 curl 卻是 OK 的,值得注意的是 banking.gov.tw 有擋 curl 的預設 User-Agent

curl -A Guzzle https://www.banking.gov.tw/ch/ap/bankno_text.jsp
minchao commented 7 years ago

透過 Vagrant 來模擬 Travis CI 的測試環境

cURL:

執行 curl 時,Travis CI 與 Vagrant 都是使用相同的 OpenSSL,沒有問題

curl 7.35.0 (x86_64-pc-linux-gnu) libcurl/7.35.0 OpenSSL/1.0.1f zlib/1.2.8 libidn/1.28 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP

PHP:

比對 PHP curl_version(),Travis CI 下 SSL 使用 GnuTLS/2.12.23,而 Vagrant 透過 phpenv 安裝則是使用 OpenSSL/1.0.1f。若將 Vagrant 的 PHP 版本改與 GnuTLS 編譯,也會得到一樣的 server certificate verification failed

Travis CI:

array(9) {
  'version_number' =>
  int(467712)
  'age' =>
  int(3)
  'features' =>
  int(50877)
  'ssl_version_number' =>
  int(0)
  'version' =>
  string(6) "7.35.0"
  'host' =>
  string(19) "x86_64-pc-linux-gnu"
  'ssl_version' =>
  string(14) "GnuTLS/2.12.23"
  'libz_version' =>
  string(5) "1.2.8"
  'protocols' =>
  array(19) {}
}

Vagrant:

array(9) {
  'version_number' =>
  int(467712)
  'age' =>
  int(3)
  'features' =>
  int(50877)
  'ssl_version_number' =>
  int(0)
  'version' =>
  string(6) "7.35.0"
  'host' =>
  string(19) "x86_64-pc-linux-gnu"
  'ssl_version' =>
  string(14) "OpenSSL/1.0.1f"
  'libz_version' =>
  string(5) "1.2.8"
  'protocols' =>
  array(19) {}
}

參考資料: