I understand that I can set the option on any specific instance, however what I would really like is to set something up php.ini or somewhere similar which will handle this across all projects and al开发者_运维百科l instances.
Does anyone know a way for me to accomplish this?
EDIT: I am particularly interested in a solution which will allow for the certificates to be in different locations on different servers.
I am developing on a Windows machine which needs this but deploying to a Linux server which not only doesn't need it but doesn't even have the path indicated.
I understand that I can use conditions to check where the code is running but would prefer to just have it work out of the box. It seems to me that this is really an issue for curl and PHP to handle rather than my code and hence the settings for it belong there.
I found the answer here (in the user notes): http://php.net/manual/en/function.curl-setopt.php
Just add this to you .ini (note: you cannot use ini_set
, although I don't know why you would want to. Thanks @Carlton):
curl.cainfo=c:\php\cacert.pem
And get that file from: http://curl.haxx.se/docs/caextract.html
Works and you aren't opening yourself up for MITM attacks
Here is a patch to 'emulate' what we can see on linux when a valid crt data has been found at build time (which is the case for almost all distros):
http://www.php.net/~pierre/patches/curl_cacert_default.txt
it adds a (system) ini settings to define the path to the cacert, curl.cainfo=c:\curl\ca.crt
cacert data can be fetched here: http://curl.haxx.se/docs/caextract.html
DLL for php 5.3 can be found here: http://www.php.net/~pierre/test/curl-5.3-vc9-x86-ts-nts-cainfodefault.zip DLL for php 5.2 can be found here: http://www.php.net/~pierre/test/curl-5.2-cainfodefault.zip
Please let me know how it works.
- download cacert.pem add to folder php
- copy url the place of file cacert.pem
[curl] curl.cainfo="C:/xampp/php/cacert.pem"
@Matt is right, but I would add that curl.cainfo is a PHP_INI_SYSTEM directive so you must set it in php.ini...using the ini_set function in a script will always return false as I found out after too many minutes of head banging
You could create a wrapper function which sets the option and use php.ini's auto_prepend_file to load the file it's defined in, but your code would have to be changed to use this wrapper function instead.
Example:
function my_curl_init($url=null) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_CAINFO, getcwd().'/cert/ca.crt');
return $ch;
}
精彩评论