PHP客户端验证https证书
问题描述:
我需要创建一个充当客户端的php并使用https下的一些Web服务。
我的问题是我还要验证服务器证书。我需要知道我有正确的服务器,并且没有一个中间充当服务器。
有人可以帮帮我吗?
I need to create a php that will act as a client and use some web services under https. My Problem is that I also want to verify the server certificate.I need to know that I have the right server and that there is no one the middle that acts as the server. Can someone help me please?
谢谢!
答
如果您有卷曲扩展名,可以将其配置为在连接时验证证书。
If you have the curl extension, it can be configured to verify a certificate on connection.
http://php.net/manual/en/function.curl-setopt.php
// As of writing this, Twitter uses Verisign, Google uses Eqifax
$exampleUrl = 'https://twitter.com/'; // Success
$exampleUrl = 'https://google.com/'; // Fails
// create a new CURL resource
$ch = curl_init($exampleUrl);
// enable verification
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
// list of CAs to trust
// If the remote site has a specific CA, they usually have a .crt
// file on their site you can download. Or you can export key items from
// some browsers.
// In this example, using: Verisign [1]
curl_setopt($ch, CURLOPT_CAINFO, __DIR__ . '/ca_bundle.crt');
// - or -
curl_setopt($ch, CURLOPT_CAPATH, __DIR__ . '/ca_certs/');
// If the remote site uses basic auth:
curl_setopt($ch, CURLOPT_USERPWD, $username . ':' . $password);
// And a helpful option to enable while debugging
//curl_setopt($ch, CURLOPT_VERBOSE, true);
// defaults to stdout, don't want that for this case.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$page = curl_exec($ch);
[1] http://www.verisign.com/support/verisign-intermediate-ca/extended-validation/apache/