search

sebastianbergmann / phpunit-mink-trait

Trait that provides a minimal integration layer for using Mink in PHPUnit test cases
Other
12 stars 3 forks source link

Configure Mink / Goutte / Guzzle to allow self-signed SSL certificates #1

Closed sebastianbergmann closed 8 years ago

sebastianbergmann commented 8 years ago

After a bit of digging through the code of Mink, Goutte, and Guzzle, I think that probably something like this will be needed:

use Behat\Mink\Session;
use Behat\Mink\Driver\Goutte\Client as GoutteClient;
use Behat\Mink\Driver\GoutteDriver;
use GuzzleHttp\Client as GuzzleClient;

$client = new GoutteClient;
$client->setClient(
    new GuzzleClient(
        [
            'defaults' => [
                'allow_redirects' => false,
                'cookies'         => true
            ]
        ]
    )
);

$session = new Session(new GoutteDriver($client));

But where do I set which option to disable peer verification / allow self-signed SSL certificates?

@stof @fabpot @mtdowling: Any help appreciated. Thanks!

stof commented 8 years ago

@sebastianbergmann have you seen https://github.com/minkphp/phpunit-mink ?

stof commented 8 years ago

regarding self-signed certificates, I cannot answer. This is not handled at the Mink or Goutte level, but at the Guzzle one (and the way to specify such curl option changed in approximately each major version of Guzzle)

sebastianbergmann commented 8 years ago

@stof Yes, but that was "too much" back when I started working on this. And it cannot be used as a trait.

sebastianbergmann commented 8 years ago

@stof Yes, I found different answers to my question for different versions of Guzzle on StackOverflow, for instance. None of them work with the current version of Guzzle, though. Hopefully @mtdowling can help.

stof commented 8 years ago

@sebastianbergmann try the followingif you are using Guzzle 6:

$client->setClient(
    new GuzzleClient(
        [
                'allow_redirects' => false,
                'cookies'         => true,
                'verify' => false
        ]
    )
);

And the defaults key in the GuzzleClient config is not used anymore (it was the Guzzle 5 way)

mtdowling commented 8 years ago

You can disable validation generically across all Guzzle adapters using 'verify' => false: http://docs.guzzlephp.org/en/latest/request-options.html#verify. Note though that this disable all verification.

You can also specify cURL specific options if you know you're using cURL: http://docs.guzzlephp.org/en/latest/faq.html#how-can-i-add-custom-curl-options.

$client->setClient(
    new GuzzleClient([
        'allow_redirects' => false,
        'cookies'         => true,
        'curl' => [
            CURLOPT_VERIFYPEER => false
        ]
    ])
);

There are many other suggestions on how to deal with self-signed certificates in the cURL documentation (note that the advice isn't entirely curl specific): http://curl.haxx.se/docs/sslcerts.html