Victoriabank test payment gateway has incomplete SSL certificate chain and breaks onboarding tests

[alexminza]

https://www.ssllabs.com/ssltest/analyze.html?d=ecomt.victoriabank.md&latest

Compare to the production gateway configuration: https://www.ssllabs.com/ssltest/analyze.html?d=egateway.victoriabank.md&latest

The problem arises only for the Complete/Reverse payments steps because they use the PHP file_get_contents function to perform the web request, while the Authorize functionality is performed by the user browser, which will fallback and complete the certificate chain in such cases.

A way to disable SSL verification for test gateway only is needed to allow new users to perform the onboarding technical tests and promote their project into production payment gateway.

This could be achieved by conditionally (only in DEBUG/TEST modes) adding the following parameters on the request() function stream context options for the CompletionRequest and ReversalRequest classes:

'ssl' => [
    "verify_peer" => false,
    "verify_peer_name" => false,
]

[alexminza]

One possibility would be to use the existing Request->_debugMode parameter:

if($this->_debugMode) {
    #Disable gateway SSL certificate verification in DEBUG mode
    $options['ssl'] = [
        "verify_peer" => false,
        "verify_peer_name" => false,
    ];
}

Reference: https://github.com/Fruitware/VictoriaBankGateway/blob/master/src/VictoriaBank/Completion/CompletionRequest.php#L107

[alexminza]

Or introduce an additional setting similar to Request->_debugMode:
Request->_sslVerify

[alexminza]

Addressed by pull request #13