Closed sacOO7 closed 2 years ago
Code looks fine but I'm not sure I'm comfortable with us making this change. The TestApp API should have a valid certificate so if there's a problem with validating it then we should try and understand exactly what that problem is. I see that we got an SSL error in CI here but the issue didn't occur again when I re-ran the tests so I'd guess that was a temporary issue with GitHub runners. If you're consistently seeing the same error locally then I'd guess there's an issue with your local openssl installation?
The error says [SSL certificate error: unable to get local issuer certificate]
. So, the issue is surely from the local certificate. I am currently using the windows
machine. I have done a fresh installation of PHP. I am using PHP 8.1.4
. Since we are using test
env. anyways, I don't think it is a big issue disabling the SSL verification (We are still verifying the correct host). I think we need to confirm this issue doesn't occur on github again. It can, depending on the machine available at the time of test run.
The Ably sandbox cluster uses a public TLS certificate issued by AWS, and it uses the same issuance system as our production TLS certificates.
If you're getting TLS related errors, we should investigate the root cause and fix the underlying issue rather than disabling verification, as this may well affect other clients connecting to production.
@lmars it seems we have multiple tests
using the internal HTTP
class. Since we can't disable SSL for a non-test environment, I will only keep the code that reports errors with the server. I will also update the doc on how to resolve the error for windows environments.
PS - I have found a good article on the error - https://aboutssl.org/fix-ssl-certificate-problem-unable-to-get-local-issuer-certificate/
@sacOO7 so do you know what the root cause of the verification issue is?
@sacOO7 so do you know what the root cause of the verification issue is?
Yeah, downloading and updating SSL
certificate as per https://aboutssl.org/fix-ssl-certificate-problem-unable-to-get-local-issuer-certificate/ fixed my issue. I think issue might be common for windows machines since the entry for the local/client SSL certificate was empty in php.ini
.
Interesting. I notice we only run integration tests in CI on Ubuntu runners at the moment. Perhaps we should add Windows to that mix.
~- Disabled SSL certificate while sending a request to Ably Sandbox.~ ~- Fixed error
[SSL certificate error: unable to get local issuer certificate]
~CURL
specific errors.[SSL certificate error: unable to get local issuer certificate]