Accessing HTTPS with PHP cURL

Source: Internet
Author: User
Tags cas curl ssl certificate sub domain

  Posting data to an HTTPS server

  The code is as follows:

// The default for $timeout was lost from the source page; 30 seconds is an assumed value.
function curlPost($url, $data, $timeout = 30)
{
    $ssl = substr($url, 0, 8) == "https://" ? true : false;
    $ch = curl_init();
    $opt = array(
        CURLOPT_URL            => $url,
        CURLOPT_POST           => 1,
        CURLOPT_HEADER         => 0,
        CURLOPT_POSTFIELDS     => (array) $data,
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_TIMEOUT        => $timeout,
    );
    if ($ssl)
    {
        // Value 1 is no longer supported as of cURL 7.28.1.
        $opt[CURLOPT_SSL_VERIFYHOST] = 1;
        // The peer certificate is not verified at all.
        $opt[CURLOPT_SSL_VERIFYPEER] = false;
    }
    curl_setopt_array($ch, $opt);
    $data = curl_exec($ch);
    curl_close($ch);
    return $data;
}
$data = curlPost('https://www.111cn.net', array('p' => 'hello'));
echo($data);

-----------------------------I'm a split line--------------------------------

In fact, the code above skips SSL certificate verification, so it is not really using HTTPS.

If you want to really use HTTPS, you need to provide a CA certificate.

The SSL section above should then be set as follows:

The code is as follows

1. CURLOPT_SSL_VERIFYPEER set to true, to verify the SSL certificate
2. CURLOPT_SSL_VERIFYHOST set to 2, for strict verification
3. CURLOPT_CAINFO set to the path of the certificate

To make the explanation easier, here is the code first. This is a function I wrapped up today.

The code is as follows

/**
 * Curl POST
 *
 * @param string $url     URL
 * @param array  $data    Data
 * @param int    $timeout Request timeout
 * @param bool   $CA      Strict verification when using HTTPS
 * @return string
 */
// The default for $timeout was lost from the source page; 30 seconds is an assumed value.
function curlPost($url, $data = array(), $timeout = 30, $CA = true) {

    $cacert = getcwd() . '/cacert.pem'; // CA root certificate
    $SSL = substr($url, 0, 8) == "https://" ? true : false;

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout - 2);
    if ($SSL && $CA) {
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // Trust only certificates issued by a CA
        curl_setopt($ch, CURLOPT_CAINFO, $cacert);      // CA root certificate (used to verify that the site certificate was issued by a CA)
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);    // Check that a domain name is set in the certificate and that it matches the host name provided
    } else if ($SSL && !$CA) {
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // Trust any certificate
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);     // Check whether a domain name is set in the certificate
    }
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:')); // Avoid problems when the data is too long
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    //curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data)); // Data with urlencode

    $ret = curl_exec($ch);
    //var_dump(curl_error($ch)); // View error information

    curl_close($ch);
    return $ret;
}

If the URL is an https:// address, SSL is used; otherwise the plain HTTP protocol is used.

Is it safe just because it goes over HTTPS? In fact, SSL has different degrees of verification.

For example, do you need to verify the common name in the certificate? (BTW: the Common Name is generally the domain or subdomain for which you request the SSL certificate.)

Do you want to verify the host name?

Should any certificate be trusted, or only certificates issued by a CA?

(Damn, my battery is almost dead, so I'll only cover the key points --|||)

If your website's SSL certificate was purchased from a CA (usually more expensive), you can access it with stricter verification, namely:

The code is as follows

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // Trust only certificates issued by a CA
curl_setopt($ch, CURLOPT_CAINFO, $cacert);      // CA root certificate (used to verify that the site certificate was issued by a CA)
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);    // Check that a domain name is set in the certificate and that it matches the supplied host name

If the website's certificate is self-generated, or was obtained from some small organization on the Internet, then access will fail under strict verification and false is returned directly. (Yes, you can print curl_error($ch) to see the specific error message when false is returned.) In that case, you can ensure normal access by lowering the level of verification, for example:

The code is as follows

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);

This only checks whether a domain name is set in the certificate (0 also works, in which case not even the existence of a domain name is checked).

When we visit HTTPS sites with a browser, we sometimes get a prompt that the certificate is not trusted. This is because the certificates of those sites were not issued by an official CA.

The browsers on the market ship with a built-in list of CA root certificates. When you visit a site whose certificate was issued by a CA, the site's certificate is verified against the root certificates, so this prompt does not appear.

The CA root certificate file actually contains the public-key certificates of the major CAs, which are used to verify that a website's certificate was issued by one of these organizations.
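An added example, not code from the original article: a strict-verification POST that reports why the request failed instead of returning a bare false, so a self-generated certificate can be handled by pointing CURLOPT_CAINFO at that certificate (or its issuing CA) while the verification options stay strict. The function name strictPost(), the result keys and the 30-second default are assumptions.

```php
<?php
// Added example: strictPost() and its result keys are hypothetical names;
// the cURL options are the ones the article uses.
function strictPost(string $url, array $data, string $caFile, int $timeout = 30): array
{
    // Refuse anything that is not https:// rather than silently using HTTP.
    if (strtolower((string) parse_url($url, PHP_URL_SCHEME)) !== 'https') {
        return ['ok' => false, 'kind' => 'config', 'error' => 'URL is not https://'];
    }
    if (!is_readable($caFile)) {
        return ['ok' => false, 'kind' => 'config', 'error' => "CA file not readable: $caFile"];
    }

    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_URL            => $url,
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($data),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => $timeout,
        CURLOPT_SSL_VERIFYPEER => true,    // chain must lead to a certificate in $caFile
        CURLOPT_SSL_VERIFYHOST => 2,       // certificate name must match the host
        CURLOPT_CAINFO         => $caFile, // public CA bundle, or your own CA / self-signed cert (PEM)
    ]);
    $body  = curl_exec($ch);
    $errno = curl_errno($ch);
    $error = curl_error($ch);
    curl_close($ch);

    if ($body !== false) {
        return ['ok' => true, 'kind' => 'none', 'body' => $body];
    }
    // libcurl error numbers: 60 (and 51 in older releases) = certificate or
    // host-name verification failed, 77 = the CA file could not be loaded.
    $kind = in_array($errno, [51, 60, 77], true) ? 'certificate' : 'network';
    return ['ok' => false, 'kind' => $kind, 'errno' => $errno, 'error' => $error];
}

// Constructed usage: the article's URL and its cacert.pem location.
$result = strictPost('https://www.111cn.net', ['p' => 'hello'], getcwd() . '/cacert.pem');
if (!$result['ok']) {
    // A 'certificate' failure points at the trust file or the host name;
    // the verification options themselves are left unchanged.
    error_log("HTTPS POST failed ({$result['kind']}): {$result['error']}");
} else {
    echo $result['body'];
}
```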
