initialize(); echo "=== 甘草 SSL 连接测试 ===\n\n"; // 获取配置 $config = think\facade\Config::get('gancao_scm', []); $gatewayUrl = $config['gateway_url'] ?? ''; if ($gatewayUrl === '') { echo "❌ 错误:未配置 GANCAO_SCM_GATEWAY_URL\n"; exit(1); } echo "网关地址: {$gatewayUrl}\n\n"; // 解析 URL $urlParts = parse_url($gatewayUrl); $host = $urlParts['host'] ?? ''; $port = $urlParts['port'] ?? ($urlParts['scheme'] === 'https' ? 443 : 80); echo "1. DNS 解析测试:\n"; $ip = gethostbyname($host); if ($ip === $host) { echo " ❌ DNS 解析失败\n"; } else { echo " ✓ {$host} -> {$ip}\n"; } echo "\n2. TCP 连接测试:\n"; $socket = @fsockopen($host, $port, $errno, $errstr, 10); if (!$socket) { echo " ❌ TCP 连接失败: [{$errno}] {$errstr}\n"; } else { echo " ✓ TCP 连接成功\n"; fclose($socket); } echo "\n3. SSL/TLS 支持检测:\n"; $sslVersions = [ 'SSLv2' => STREAM_CRYPTO_METHOD_SSLv2_CLIENT, 'SSLv3' => STREAM_CRYPTO_METHOD_SSLv3_CLIENT, 'TLS 1.0' => STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT, 'TLS 1.1' => STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT, 'TLS 1.2' => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT, ]; if (defined('STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT')) { $sslVersions['TLS 1.3'] = STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT; } foreach ($sslVersions as $name => $method) { echo " - {$name}: "; $context = stream_context_create([ 'ssl' => [ 'verify_peer' => false, 'verify_peer_name' => false, ] ]); $fp = @stream_socket_client( "ssl://{$host}:{$port}", $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $context ); if ($fp) { echo "✓ 支持\n"; fclose($fp); } else { echo "✗ 不支持\n"; } } echo "\n4. cURL SSL 测试:\n"; $testConfigs = [ 'HTTP/1.0 + TLS 1.2' => [ CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_0, CURLOPT_SSLVERSION => CURL_SSLVERSION_TLSv1_2, ], 'HTTP/1.1 + TLS 1.2' => [ CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_SSLVERSION => CURL_SSLVERSION_TLSv1_2, ], 'HTTP/1.1 + TLS 1.2 + SECLEVEL=1' => [ CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_SSLVERSION => CURL_SSLVERSION_TLSv1_2, CURLOPT_SSL_CIPHER_LIST => 'DEFAULT@SECLEVEL=1', ], 'HTTP/2 + TLS 1.2' => [ CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_2_0, CURLOPT_SSLVERSION => CURL_SSLVERSION_TLSv1_2, ], ]; if (defined('CURL_SSLVERSION_TLSv1_3')) { $testConfigs['HTTP/1.1 + TLS 1.3'] = [ CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_SSLVERSION => CURL_SSLVERSION_TLSv1_3, ]; } foreach ($testConfigs as $name => $options) { echo " 测试 {$name}:\n"; $ch = curl_init($gatewayUrl); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_NOBODY, true); // HEAD 请求 foreach ($options as $opt => $val) { curl_setopt($ch, $opt, $val); } $result = curl_exec($ch); $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); $errno = curl_errno($ch); $error = curl_error($ch); if ($errno === 0) { echo " ✓ 成功 (HTTP {$httpCode})\n"; } else { echo " ❌ 失败: [{$errno}] {$error}\n"; } curl_close($ch); } echo "\n5. OpenSSL 版本信息:\n"; $opensslVersion = OPENSSL_VERSION_TEXT; echo " 版本: {$opensslVersion}\n"; echo "\n6. cURL 版本信息:\n"; $curlVersion = curl_version(); echo " 版本: {$curlVersion['version']}\n"; echo " SSL 版本: {$curlVersion['ssl_version']}\n"; echo " 支持的协议: " . implode(', ', $curlVersion['protocols']) . "\n"; echo "\n7. 测试实际 API 调用 (MAKE_TOKEN):\n"; try { $token = \app\common\service\gancao\GancaoScmRecipelService::getToken(true); if ($token !== null && $token !== '') { echo " ✓ 成功获取 token (长度: " . strlen($token) . ")\n"; echo " Token 前20字符: " . substr($token, 0, 20) . "...\n"; } else { $error = \app\common\service\gancao\GancaoScmRecipelService::getLastGetTokenError(); echo " ❌ 获取 token 失败: {$error}\n"; } } catch (\Throwable $e) { echo " ❌ 异常: " . $e->getMessage() . "\n"; } echo "\n=== 测试完成 ===\n\n"; echo "建议:\n"; echo "1. 如果 TLS 1.2 测试失败,请升级 OpenSSL 到 1.0.2 或更高版本\n"; echo "2. 如果所有测试都失败,请检查防火墙和网络连接\n"; echo "3. 如果只有特定配置失败,请使用成功的配置\n"; echo "4. 联系甘草技术支持确认他们的 SSL/TLS 要求\n";