4

I am trying to bring Behat to a https secured project and mink fails when initiating curl request.

Scenario: Loggin in                              # features/debt.feature:6
    Given I am on "/"                              # FeatureContext::visit()
      [curl] 51: SSL: certificate subject name 'ubuntu' does not match target host name 'wizard' [url] https://wizard/admin/dev.php/ [info] array (
        'url' => 'https://wizard/admin/dev.php/',
        'content_type' => NULL,
        'http_code' => 0,
        'header_size' => 0,
        'request_size' => 0,
        'filetime' => -1,
        'ssl_verify_result' => 1,
        'redirect_count' => 0,
        'total_time' => 0.061943,
        'namelookup_time' => 0.000234,
        'connect_time' => 0.000344,
        'pretransfer_time' => 0,
        'size_upload' => 0,
        'size_download' => 0,
        'speed_download' => 0,
        'speed_upload' => 0,
        'download_content_length' => -1,
        'upload_content_length' => -1,
        'starttransfer_time' => 0,
        'redirect_time' => 0,
        'certinfo' => 
        array (
        ),
      ) [debug] * About to connect() to wizard port 443 (#0)
      *   Trying 127.0.0.1... * connected
      * Connected to wizard (127.0.0.1) port 443 (#0)
      * successfully set certificate verify locations:
      *   CAfile: none
        CApath: /etc/ssl/certs
      * SSL connection using DHE-RSA-AES256-SHA
      * Server certificate:
      *      subject: CN=ubuntu
      *      start date: 2011-05-23 08:26:04 GMT
      *      expire date: 2021-05-20 08:26:04 GMT
      * SSL: certificate subject name 'ubuntu' does not match target host name 'wizard'
      * Closing connection #0

The problem can be solved by setting these 2 curl parameters:

CURLOPT_SSL_VERIFYPEER = false
CURLOPT_CERTINFO = false

I know that Mink is internally uses guzzle, which initiates curl requests. How do I correctly instantiate guzzle client with curl options?

Carlos Granados
  • 11,273
  • 1
  • 38
  • 44
Dziamid
  • 11,225
  • 12
  • 69
  • 104

4 Answers4

5

Yes, it's known problem and the only solution for now is something like this in your behat.yml:

default:
    paths:
        features: .
        bootstrap: %behat.paths.features%/bootstrap    
    extensions:
        Behat\MinkExtension\Extension:
            base_url: http://yourhost/
            goutte:
                guzzle_parameters:
                    ssl.certificate_authority: system
                    curl.options:
                        64: false   # CURLOPT_SSL_VERIFYPEER
                        172: false  # CURLOPT_CERTINFO
Denis Sheremetov
  • 76
  • 1
  • 4
3

For now what you need to set in behat.yml is this:

default:
  extensions:
    Behat\MinkExtension\Extension:
      goutte:
        guzzle_parameters:
          curl.options:
             CURLOPT_SSL_VERIFYPEER: 0
             CURLOPT_CERTINFO: 0
             CURLOPT_SSL_VERIFYHOST: 0
          ssl.certificate_authority: system

After this pull request https://github.com/guzzle/guzzle/pull/498 is merged you will be able to just do:

default:
  extensions:
    Behat\MinkExtension\Extension:
      goutte:
        guzzle_parameters:
          ssl.certificate_authority: false

Please note that I am using string constants instead of integer ones as they are way more readable. You don't have to use integers here as the proper constant/integer conversion is done inside Guzzle.

Also, I've added CURLOPT_SSL_VERIFYHOST which will solve your problem.

zalex007
  • 81
  • 3
0

Mink uses Goutte which internally initialises Guzzle (see: https://github.com/fabpot/Goutte/blob/master/Goutte/Client.php#L45).

Here's how you could initialise Guzzle to solve your issue: https://github.com/fabpot/Goutte/issues/63#issuecomment-6371727

While there are multiple ways of solving this issue the simplest solutions I can see now are

Other (maybe cleaner) way would be altering service definition with a compiler pass and make it to call setClient().

Jakub Zalas
  • 35,761
  • 9
  • 93
  • 125
  • Hey, grad you responded. I've seen your post on githug, but wondered if behat.yml can be used pass parameters to goutte and guzzle? Isn't `behat.mink.goutte.server_parameters` what we need? – Dziamid Jul 17 '12 at 15:47
  • Oh, I got GuzzleClient is instanciated without any parameters. – Dziamid Jul 17 '12 at 16:35
  • Where exactly do you call setClient() ? – Dziamid Jul 17 '12 at 16:52
  • It's not my post on github btw. You can either call setClient() somewhere you have access to Goutte (context, which is not nice but should get you going) or implement a compiler pass (requires writing a Behat extension, more complex stuff). – Jakub Zalas Jul 17 '12 at 17:45
  • You could also send a PR for MinkExtension to make this configurable in behat.yml. – Jakub Zalas Jul 17 '12 at 17:46
0

my solution: 

/**
 *
 * @BeforeScenario
 * @return void
 */
public function doNotCheckSsl()
{
    $strUrl = $this->getMinkParameter( 'base_url' );
    $objGuzzleClient = new GuzzleClient( $strUrl );
    $objGuzzleClient->setSslVerification( false, false, 0 );
    $objClient = new GoutteClient();
    $objDriver = new GoutteDriver( $objClient );
    $objClient->setClient( $objGuzzleClient );

    $objSession = new Session( $objDriver );
    $objSession->start();
    $this->getMink()->registerSession( 'sess', $objSession );
    $this->getMink()->setDefaultSessionName( 'sess' );
}
wrgh
  • 1