Php uses curl to access https example sharing

For the convenience of instructions, first go to the code

Copy codeThe Code is as follows:
/**
* Curl POST
*
* @ Param string url
* @ Param array data
* @ Param int request timeout
* @ Param bool whether strict HTTPS authentication is performed
* @ Return string
*/
Function curlPost ($ url, $ data = array (), $ timeout = 30, $ CA = true ){

$ Cacert = getcwd (). '/cacert. pem'; // CA root certificate
$ SSL = substr ($ url, 0, 8) = "https ://"? True: false;

$ Ch = curl_init ();
Curl_setopt ($ ch, CURLOPT_URL, $ url );
Curl_setopt ($ ch, CURLOPT_TIMEOUT, $ timeout );
Curl_setopt ($ ch, CURLOPT_CONNECTTIMEOUT, $ timeout-2 );
If ($ SSL & $ CA ){
Curl_setopt ($ ch, CURLOPT_SSL_VERIFYPEER, true); // only trust the certificate issued by the CA
Curl_setopt ($ ch, CURLOPT_CAINFO, $ cacert); // CA root certificate (used to verify whether the website certificate is issued by CA)
Curl_setopt ($ ch, CURLOPT_SSL_VERIFYHOST, 2); // check whether the domain name is set in the certificate and matches the provided Host Name
} Else if ($ SSL &&! $ CA ){
Curl_setopt ($ ch, CURLOPT_SSL_VERIFYPEER, false); // trust any certificate
Curl_setopt ($ ch, CURLOPT_SSL_VERIFYHOST, 1); // check whether the domain name is set in the certificate
}
Curl_setopt ($ ch, CURLOPT_RETURNTRANSFER, true );
Curl_setopt ($ ch, CURLOPT_HTTPHEADER, array ('Expect CT: '); // prevents data from being too long
Curl_setopt ($ ch, CURLOPT_POST, true );
Curl_setopt ($ ch, CURLOPT_POSTFIELDS, $ data );
// Curl_setopt ($ ch, CURLOPT_POSTFIELDS, http_build_query ($ data); // data with URLEncode

$ Ret = curl_exec ($ ch );
// Var_dump (curl_error ($ ch); // view the error message

Curl_close ($ ch );
Return $ ret;
}

If the URL address is https headers, it adopts SSL; otherwise, it adopts the common HTTP protocol.

Is HTTPS secure? In fact, SSL also has different levels of verification.

For example, do you need to verify the public name in the certificate? (BTW: Common Name is generally used to fill in the domain Name or sub-domain you want to apply for an SSL certificate ).)

Do I need to verify the host name?

Does any certificate trust the certificate or just trust the certificate issued by the CA?

(I wiped my cell and the battery was almost out of order. I just said--|)

If the SSL certificate of a website is CA (usually expensive), you can use strict authentication during access, that is:

Copy codeThe Code is as follows:
Curl_setopt ($ ch, CURLOPT_SSL_VERIFYPEER, true); // only trust the certificate issued by the CA
Curl_setopt ($ ch, CURLOPT_CAINFO, $ cacert); // CA root certificate (used to verify whether the website certificate is issued by CA)
Curl_setopt ($ ch, CURLOPT_SSL_VERIFYHOST, 2); // check whether the domain name is set in the certificate and matches the provided Host Name

If the website certificate is generated by yourself or applied by a small online organization, if strict authentication is used during access, the system will not pass and return false directly. (If false is returned, you can print curl_error ($ ch) to view the specific error information .) In this case, you can reduce the authentication level to ensure normal access. For example:
Copy codeThe Code is as follows:
Curl_setopt ($ ch, CURLOPT_SSL_VERIFYPEER, false); // trust any certificate
Curl_setopt ($ ch, CURLOPT_SSL_VERIFYHOST, 1); // check whether the domain name is set in the certificate (it can be set to 0, that is, the existence of the domain name is not verified)

When we use a browser to access various https websites, we sometimes encounter a message that the certificate is not trusted, because the certificate of these websites is not issued by a formal CA.

The CA root certificate list is embedded in various browsers on the market. When you access a website with a CA issued certificate, the certificate of these websites will be verified based on the root certificate, so this prompt will not be displayed.

The CA root certificate file contains the Public Key Certificates of major CA organizations to verify whether the certificate of the website is issued by these organizations.

The file here is from the mozilla source code tree and converted into a PEM format certificate file. (You can download the ready-made http://curl.haxx.se/ca/cacert.pem here)

Finally, let's talk about something unrelated to SSL:
Copy codeThe Code is as follows:
Curl_setopt ($ ch, CURLOPT_HTTPHEADER, array ('ct :'));

This is mainly to solve the problem of excessive data size during POST.