Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

增加HttpProfile中对https请求是否进行严格验证的选项 #82

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

增加HttpProfile中对https请求是否进行严格验证的选项 #82

wants to merge 3 commits into from

Conversation

LaoQi
Copy link

@LaoQi LaoQi commented Nov 3, 2020

暴露出GuzzleHttp库对ssl证书验证行为的选项,方便调试
https://docs.guzzlephp.org/en/stable/request-options.html#verify

$cred = new Credential("secretId", "secretKey");
$httpProfile = new HttpProfile();
//$httpProfile->setVerify("path/to/cert");
$httpProfile->setVerify(false); // skip
$clientProfile = new ClientProfile(null, $httpProfile);
$client = new CvmClient($cred, "ap-guangzhou", $clientProfile);

zqfan
zqfan requested changes Nov 4, 2020
View reviewed changes
src/TencentCloud/Common/Profile/HttpProfile.php
/**
* @var string|bool 请求时验证SSL证书行为
*/
private $verify;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

构造函数里给一个初始值,默认应该是开启检查

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

即使无初始值,默认是开启检查,不过严谨起见还是加入初始值吧。
文档给出的默认值为GuzzleHttp\RequestOptions::VERIFY
就是这个参数是否需要作为构造函数的输入参数之一?

public function __construct($protocol = null, $endpoint = null, $reqMethod = null,  $reqTimeout = null, $verify = RequestOptions::VERIFY)
    {
        $this->reqMethod = $reqMethod ? $reqMethod : HttpProfile::$REQ_POST;
        $this->endpoint = $endpoint;
        $this->reqTimeout = $reqTimeout ? $reqTimeout : HttpProfile::$TM_MINUTE;
        $this->protocol = $protocol ? $protocol : HttpProfile::$REQ_HTTPS;
        $this->verify = $verify;
    }

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

一般不会用到,感觉构造函数的参数列表太长了。

@zqfan
Copy link
Member

zqfan commented Nov 5, 2020

那等我验证下,在做决定把

@LaoQi
Copy link
Author

LaoQi commented Nov 5, 2020

我先提交一份最少变更的上来吧,变更参数的这些后续再根据情况考虑
仅在构造函数赋值,其他没有变更。

public function __construct($protocol = null, $endpoint = null, $reqMethod = null,  $reqTimeout = null)
    {
        $this->reqMethod = $reqMethod ? $reqMethod : HttpProfile::$REQ_POST;
        $this->endpoint = $endpoint;
        $this->reqTimeout = $reqTimeout ? $reqTimeout : HttpProfile::$TM_MINUTE;
        $this->protocol = $protocol ? $protocol : HttpProfile::$REQ_HTTPS;
        $this->verify = RequestOptions::VERIFY;
    }

@tianyiw2013
Copy link

为什么不合并呢??? @zqfan
测试环境下php.ini不设置证书会报错:

cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://tmt.tencentcloudapi.com/

希望尽可合并!谢谢。

tianyiw2013
tianyiw2013 approved these changes Mar 26, 2022
View reviewed changes
Copy link

@tianyiw2013 tianyiw2013 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

请尽早合并❤️

@tianyiw2013 tianyiw2013 mentioned this pull request Mar 26, 2022
Closed
@tianyiw2013
Copy link

或者你们也可以直接提供CA根证书文件啊。
https://curl.haxx.se/ca/cacert.pem直接放到你们源码里,$this->verify = "cacert.pem";
这样大家都不用担心这个问题。🤣

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zqfan zqfan zqfan requested changes

@tianyiw2013 tianyiw2013 tianyiw2013 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@LaoQi @zqfan @tianyiw2013