PHP Client to verify https certificates

Developer https://www.devze.com 2023-04-10 07:44 Source: Internet

I need to create a php that will act as a client and use some web services under https. My problem is that I also want to verify the server certificate. I need to know that I have the right server and that there is no one in the middle that acts as the server. Can someone help me please?

Thanks!


If you have the curl extension, it can be configured to verify a certificate on connection.

http://php.net/manual/en/function.curl-setopt.php

// As of writing this, Twitter uses Verisign, Google uses Equifax
$exampleUrl = 'https://twitter.com/'; // Success
$exampleUrl = 'https://google.com/';  // Fails

// create a new CURL resource
$ch = curl_init($exampleUrl);

// enable verification
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);

// list of CAs to trust
// If the remote site has a specific CA, they usually have a .crt
// file on their site you can download.  Or you can export key items from
// some browsers.
// In this example, using: Verisign [1]
curl_setopt($ch, CURLOPT_CAINFO, __DIR__ . '/ca_bundle.crt');
// - or -
curl_setopt($ch, CURLOPT_CAPATH, __DIR__ . '/ca_certs/');

// If the remote site uses basic auth:
curl_setopt($ch, CURLOPT_USERPWD, $username . ':' . $password);

// And a helpful option to enable while debugging
//curl_setopt($ch, CURLOPT_VERBOSE, true);

// defaults to stdout, don't want that for this case.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$page = curl_exec($ch);

[1] http://www.verisign.com/support/verisign-intermediate-ca/extended-validation/apache/


It looks like as of Curl 7.10, this is all set to be checked by default now:
http://php.net/manual/en/function.curl-setopt.php


CURLOPT_SSL_VERIFYPEER

FALSE to stop cURL from verifying the peer's certificate. Alternate certificates to verify against can be specified with the CURLOPT_CAINFO option or a certificate directory can be specified with the CURLOPT_CAPATH option.

TRUE by default as of cURL 7.10. Default bundle installed as of cURL 7.10.


CURLOPT_SSL_VERIFYHOST

1 to check the existence of a common name in the SSL peer certificate. 2 to check the existence of a common name and also verify that it matches the hostname provided. In production environments the value of this option should be kept at 2 (default value).
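
The options from the answers above combined into one function that fails closed when verification does not succeed. This is an added example, not code from the original answers; the function name `fetchVerified`, the timeout and the bundle path are assumptions.

```php
<?php
// Added example (hypothetical helper, not from the original answers).

/**
 * Fetch $url over HTTPS, trusting only the CAs in $caBundle.
 * Returns the response body. Throws when the chain or the hostname check
 * fails, so a failed verification is never mistaken for an empty response.
 */
function fetchVerified(string $url, string $caBundle): string
{
    if (!is_readable($caBundle)) {
        throw new RuntimeException("CA bundle not readable: $caBundle");
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_SSL_VERIFYPEER => true,            // chain must lead to a CA in $caBundle
        CURLOPT_SSL_VERIFYHOST => 2,               // certificate name must match the host in $url
        CURLOPT_CAINFO         => $caBundle,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // refuse plain http
        CURLOPT_FOLLOWLOCATION => false,           // a redirect must not silently change the peer
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 15,              // assumed value
    ]);
    $body  = curl_exec($ch);
    $errno = curl_errno($ch);
    $error = curl_error($ch);

    if ($body === false) {
        // CURLE_SSL_CACERT (60) and CURLE_SSL_PEER_CERTIFICATE (51) are the codes
        // libcurl reports for an untrusted chain or a hostname mismatch.
        $tls = in_array($errno, [CURLE_SSL_CACERT, CURLE_SSL_PEER_CERTIFICATE], true);
        throw new RuntimeException(
            ($tls ? 'Certificate verification failed' : 'Transfer failed') . " [$errno]: $error"
        );
    }
    return $body;
}

try {
    // Same URL and bundle file name as in the answer above.
    echo strlen(fetchVerified('https://twitter.com/', __DIR__ . '/ca_bundle.crt')), " bytes\n";
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(1);
}
```

Checking the return value of `curl_exec()` matters here: with verification enabled, an untrusted certificate makes it return `false`, and code that ignores this will treat the failure as an empty page.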
