HTTPS server post data
code is as follows |
&nbs P; |
Function Curlpost ($url, $data, $timeout =) { &nbs p; $ssl = substr ($url, 0, 8) = = "https://"? True:false; $ch = Curl_init (); $opt = Array ( curlopt _url => $url, curlopt_post => 1, curlopt_header => 0, curlopt_ postfields => (Array) $data, curlopt_returntransfer => 1, curlopt_timeout => $timeout, ); if ($ssl) { $opt [ Curlopt_ssl_verifyhost] = 1; $opt [Curlopt_ssl_verifypeer] = FALSE; } curl_setopt_array ($ch, $opt); $data = curl_exec ($ch); curl_close ($ch); return $data; } $data = Curlpost (' https://www.111cn.net ', Array (' P ' => ' Hello ')); Echo ($data); |
-----------------------------I'm a split line--------------------------------
In fact, this is to tell the server does not do SSL authentication, not really go HTTPS
If you want to really use HTTPS, you need to provide a CA certificate
The SSL section above is set according to the following:
The code is as follows |
|
01.curlopt_ssl_verifypeer set to True for SSL certificate authentication 02.curlopt_ssl_verifyhost set to 2, instructions for strict certification 03.curlopt_cainfo set as the path to the certificate |
To facilitate the description, first code It ~ This is a function that is encapsulated today
The code is as follows |
|
/**
* Curl POST
*
* @param string URL
* @param array Data
* @param int Request Timeout Time
* @param bool HTTPS when the strict certification
* @return String
*/
function Curlpost ($url, $data = Array (), $timeout =, $CA = True) {
$cacert = GETCWD (). '/cacert.pem '; CA Root Certificate
$SSL = substr ($url, 0, 8) = = "https://"? True:false;
$ch = Curl_init ();
curl_setopt ($ch, Curlopt_url, $url);
curl_setopt ($ch, Curlopt_timeout, $timeout);
curl_setopt ($ch, Curlopt_connecttimeout, $timeout-2);
if ($SSL && $CA) {
curl_setopt ($ch, Curlopt_ssl_verifypeer, true); Trust only certificates issued by CAS
curl_setopt ($ch, Curlopt_cainfo, $cacert); CA Root certificate (whether the site certificate used to authenticate is issued by CA)
curl_setopt ($ch, Curlopt_ssl_verifyhost, 2); Check to see if the domain name is set in the certificate and if it matches the host name provided
} else if ($SSL &&! $CA) {
curl_setopt ($ch, Curlopt_ssl_verifypeer, false); Trust any certificate
curl_setopt ($ch, Curlopt_ssl_verifyhost, 1); Check whether the domain name is set in the certificate
}
curl_setopt ($ch, Curlopt_returntransfer, true);
curl_setopt ($ch, Curlopt_httpheader, Array (' Expect: ')); Avoid the problem of too long data
curl_setopt ($ch, Curlopt_post, true);
curl_setopt ($ch, Curlopt_postfields, $data);
//curl_setopt ($ch, Curlopt_postfields, Http_build_query ($data)); Data with UrlEncode
$ret = curl_exec ($ch);
//var_dump (Curl_error ($ch)); View error Information
curl_close ($ch);
return $ret;
} |
If the URL address is HTTPS, go to SSL, or go to the normal HTTP protocol.
Is it safe to go with https? In fact, SSL has different degrees of authentication.
For example, do you need to verify the common name in the certificate? (BTW: The common name (Common name) is generally the domain name (field) or subdomain (sub domain) in which you will request an SSL certificate. )
Do you want to verify the host name?
Is any certificate trusted or trusted only by a CA?
(I wipe, the battery is almost no point, only pick up the key to say--| | |)
If your Web site SSL certificate buys a CA (usually more expensive), you can access it with a more stringent authentication, namely:
The code is as follows |
|
curl_setopt ($ch, Curlopt_ssl_verifypeer, true); Trust only certificates issued by CAS curl_setopt ($ch, Curlopt_cainfo, $cacert); CA Root certificate (the site certificate used to authenticate is issued by CA) curl_setopt ($ch, Curlopt_ssl_verifyhost, 2); Checks whether the domain name is set in the certificate and matches the supplied host name |
If the certificate of the website is generated by itself, or is applied by a small organization on the Internet, then the access will not pass if strict authentication is used, and return false directly. (yes, you can print Curl_error ($ch) to view specific error messages when you return FALSE. At this point, you can ensure normal access by reducing the degree of validation, for example:
The code is as follows |
|
2 curl_setopt ($ch, Curlopt_ssl_verifyhost, 1); |
Check whether the domain name is set in the certificate (0 is also OK, even if the domain name exists or not verified)
Usually we use the browser to access each HTTPS site, sometimes encountered certificates are not trusted prompts, in fact, because the certificate of these sites is not a formal CA issued by the agency.
The various browsers in the market have built-in CA root certificate list information, access to the site where the CA issued the certificate, the certificate of the site will be verified according to the root certificate, so there will be no this hint.
The CA root certificate file, in fact, contains the public key certificates of each of the major CA institutions that are used to verify that the certificate of the Web site is issued by these organizations