PHP curl for HTTPS access

Source: Internet
Author: User

I wrote a simple PHP curl wrapper function that supports HTTPS three years ago. At that time, I only knew why. Now I will take a look at it in detail.

POST data to an HTTPS server

The code is as follows:
function curlPost($url, $data, $timeout = 30)
{
    // Treat the request as SSL when the URL starts with https://
    $ssl = substr($url, 0, 8) == "https://" ? TRUE : FALSE;
    $ch = curl_init();
    $opt = array(
        CURLOPT_URL            => $url,
        CURLOPT_POST           => 1,
        CURLOPT_HEADER         => 0,
        CURLOPT_POSTFIELDS     => (array) $data,
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_TIMEOUT        => $timeout,
    );
    if ($ssl)
    {
        // Original (weak) settings: the certificate chain is not verified
        $opt[CURLOPT_SSL_VERIFYHOST] = 1;
        $opt[CURLOPT_SSL_VERIFYPEER] = FALSE;
    }
    curl_setopt_array($ch, $opt);
    $data = curl_exec($ch);
    curl_close($ch);
    return $data;
}
$data = curlPost('https://www.bKjia.c0m', array('p' => 'hello'));
echo ($data);
 

----------------------------- I am a split line --------------------------------

In fact, these settings tell curl not to verify the server's SSL certificate, so the function does not really use HTTPS as intended: the server is never authenticated.

To use HTTPS properly, you must provide a CA certificate.

The SSL settings above should instead be as follows:

1. Set CURLOPT_SSL_VERIFYPEER to true, which enables SSL certificate verification.
2. Set CURLOPT_SSL_VERIFYHOST to 2, which enables strict host name verification.
3. Set CURLOPT_CAINFO to the path of the CA certificate file.
 

For convenience, here is the code first. This is the function as rewritten today.

The code is as follows:
/**
 * Curl POST
 *
 * @param string $url     URL
 * @param array  $data    data
 * @param int    $timeout request timeout
 * @param bool   $CA      whether strict HTTPS authentication is performed
 * @return string
 */
function curlPost($url, $data = array(), $timeout = 30, $CA = true) {

    $cacert = getcwd() . '/cacert.pem'; // CA root certificate
    $SSL = substr($url, 0, 8) == "https://" ? true : false;

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout - 2);
    if ($SSL && $CA) {
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);  // only trust certificates issued by a CA
        curl_setopt($ch, CURLOPT_CAINFO, $cacert);       // CA root certificate (used to verify whether the website certificate was issued by a CA)
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);     // check whether a domain name is set in the certificate and matches the provided host name
    } else if ($SSL && !$CA) {
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // trust any certificate
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);     // check whether a domain name is set in the certificate
    }
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:')); // empty Expect header; avoids problems when the data is too long
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    // curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data)); // data with URL encoding

    $ret = curl_exec($ch);
    // var_dump(curl_error($ch)); // view the error message

    curl_close($ch);
    return $ret;
}
 

If the URL starts with https://, SSL is used; otherwise, plain HTTP is used.

Is it secure just because it uses HTTPS? In fact, SSL has different levels of verification.

For example, do you need to verify the Common Name in the certificate? (BTW: the Common Name is generally filled in with the domain name or subdomain for which you are applying for an SSL certificate.)

Do you need to verify the host name?

Do you trust any certificate, or only certificates issued by a CA?

(I wiped my cell and the battery was almost out of order. I just said--|)

If a website's SSL certificate was issued by a CA (usually expensive), you can use strict verification when accessing it, that is:

The code is as follows:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // only trust certificates issued by a CA
curl_setopt($ch, CURLOPT_CAINFO, $cacert);      // CA root certificate (used to verify whether the website certificate was issued by a CA)
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);    // check whether a domain name is set in the certificate and matches the provided host name
 

If the website certificate is self-generated or was obtained from a small online organization, strict verification will fail and curl_exec() returns false directly. (If false is returned, you can print curl_error($ch) to view the specific error information.) In this case, you can reduce the verification level to ensure normal access. For example:

 

The code is as follows:
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1); // check whether a domain name is set in the certificate (it can be set to 0, that is, the existence of the domain name is not verified)

When we use a browser to access various HTTPS websites, we sometimes see a message that the certificate is not trusted, because the certificates of these websites were not issued by a formal CA.

A list of CA root certificates is embedded in the various browsers on the market. When you access a website whose certificate was issued by a CA, the website's certificate is verified against these root certificates, so this prompt is not displayed.

The CA root certificate file actually contains the public key certificates of the major CA organizations, which are used to verify whether a website certificate was issued by one of them.
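
For the self-generated or small-issuer case above, verification can stay strict if CURLOPT_CAINFO points at that issuer's certificate instead of the level being lowered. The following is an added example, not the original author's code; the function names, the URL and the internal-ca.pem file name are assumptions, and it narrows the wrapper to HTTPS only.

```php
<?php
// Added example, not the original author's code. URL and CA file name are constructed.

/** Options for strict verification; $caFile is a PEM file (public bundle, own CA, or self-signed cert). */
function strictTlsOptions(string $url, ?string $caFile = null): array
{
    if (strtolower((string) parse_url($url, PHP_URL_SCHEME)) !== 'https') {
        throw new InvalidArgumentException("not an https:// URL: $url");
    }
    $opt = [
        CURLOPT_SSL_VERIFYPEER  => true,            // chain must lead to a trusted certificate
        CURLOPT_SSL_VERIFYHOST  => 2,               // name must match the host (libcurl dropped value 1 in 7.28.1)
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTPS, // never talk plain HTTP
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTPS, // ...including after a redirect
    ];
    if ($caFile !== null) {
        if (!is_readable($caFile)) {
            throw new RuntimeException("CA file not readable: $caFile");
        }
        $opt[CURLOPT_CAINFO] = $caFile;             // trust anchors used instead of the default bundle
    }
    return $opt;
}

function curlPostStrict(string $url, array $data, int $timeout = 30, ?string $caFile = null): string
{
    $ch = curl_init();
    // "+" keeps the integer CURLOPT_* keys intact (array_merge would renumber them).
    curl_setopt_array($ch, strictTlsOptions($url, $caFile) + [
        CURLOPT_URL            => $url,
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($data),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => $timeout,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        // Surface the reason (e.g. a certificate verification failure) instead of returning false.
        throw new RuntimeException(sprintf('curl error %d: %s', curl_errno($ch), curl_error($ch)));
    }
    return $body;
}

try {
    echo curlPostStrict('https://intranet.example.test/api', ['p' => 'hello'], 10, __DIR__ . '/internal-ca.pem');
} catch (RuntimeException $e) {
    error_log($e->getMessage()); // missing CA file, DNS failure, or failed verification
}
```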

For more details, see http://www.bKjia.c0m/phper/php/57145.htm
