PHP cURL access to HTTPS, explained in detail (PHP tutorial)

Source: Internet
Author: User

Three years ago I wrote "A simple PHP wrapper function supporting HTTPS". At the time I only knew that it worked, not why it worked, so today I will go through it in detail.

POSTing data to an HTTPS server

The code is as follows:

function curlPost($url, $data, $timeout = 30)
{
    // Treat the request as SSL when the URL starts with https://
    $ssl = substr($url, 0, 8) == "https://" ? true : false;
    $ch = curl_init();
    $opt = array(
        CURLOPT_URL            => $url,
        CURLOPT_POST           => 1,
        CURLOPT_HEADER         => 0,
        CURLOPT_POSTFIELDS     => (array) $data,
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_TIMEOUT        => $timeout,
    );
    if ($ssl)
    {
        // 1 = only check that a name is present in the certificate
        // (legacy value; support for it was removed in cURL 7.28.1)
        $opt[CURLOPT_SSL_VERIFYHOST] = 1;
        // false = do not verify the certificate, so any certificate is accepted
        $opt[CURLOPT_SSL_VERIFYPEER] = false;
    }
    curl_setopt_array($ch, $opt);
    $data = curl_exec($ch);
    curl_close($ch);
    return $data;
}

$data = curlPost('https://www.bKjia.c0m', array('p' => 'Hello'));
echo($data);

-----------------------------I'm a split line--------------------------------

In fact, this tells cURL to skip SSL certificate verification, so it is not really using HTTPS as intended.

If you want to really use HTTPS, you need to provide a CA certificate.

The SSL-related settings above are then set as follows:

1. CURLOPT_SSL_VERIFYPEER is set to true, which enables SSL certificate verification.
2. CURLOPT_SSL_VERIFYHOST is set to 2, which means strict verification.
3. CURLOPT_CAINFO is set to the path of the certificate.

To make the explanation easier, here is the code first. This is the function as I re-wrapped it today.

The code is as follows:

/**
 * cURL POST
 *
 * @param string $url     URL
 * @param array  $data    data
 * @param int    $timeout request time-out
 * @param bool   $CA      strict verification when using HTTPS
 * @return string
 */
function curlPost($url, $data = array(), $timeout = 30, $CA = true) {

    $cacert = getcwd() . '/cacert.pem'; // CA root certificates
    $SSL = substr($url, 0, 8) == "https://" ? true : false;

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout - 2);
    if ($SSL && $CA) {
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // trust only certificates issued by a CA
        curl_setopt($ch, CURLOPT_CAINFO, $cacert);      // CA root certificates (used to verify that the website certificate was issued by a CA)
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);    // check that a domain name is set in the certificate and that it matches the host name provided
    } else if ($SSL && !$CA) {
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // trust any certificate
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);     // check whether a domain name is set in the certificate
    }
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:')); // avoid problems with over-long data
    curl_setopt($ch, CURLOPT_POST, true);
    // curl_setopt($ch, CURLOPT_POSTFIELDS, $data);         // raw array (overridden by the next line)
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data)); // data is URL-encoded

    $ret = curl_exec($ch);
    var_dump(curl_error($ch)); // view error messages

    curl_close($ch);
    return $ret;
}

If the URL starts with https://, the request goes over SSL; otherwise it uses the normal HTTP protocol.

Is it safe just because you use HTTPS? In fact, SSL has different levels of verification.

For example, do you need to verify the common name in the certificate? (BTW: the Common Name is generally filled in with the domain or subdomain for which you are applying for the SSL certificate.)

Do you need to verify the host name?

Do you trust any certificate, or only certificates issued by a CA?

(Damn, my battery is almost dead, so I will only cover the key points -_-|||)

If the website's SSL certificate was bought from a CA (usually more expensive), then you can use stricter verification when accessing it, namely:

The code is as follows:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // trust only certificates issued by a CA
curl_setopt($ch, CURLOPT_CAINFO, $cacert);      // CA root certificates (used to verify that the website certificate was issued by a CA)
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);    // check that a domain name is set in the certificate and that it matches the host name provided

If the website's certificate is self-generated, or was requested from some small organization on the internet, then strict verification will not pass and the request returns false directly. (When it returns false, you can print curl_error($ch) to see the specific error message.) At this point, you can ensure normal access by reducing the level of verification, for example:

The code is as follows:

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1); // check whether a domain name is set in the certificate

(0 is also possible, meaning that even the existence of the domain name is not verified.)

When we use a browser to visit HTTPS websites, we sometimes see a warning that the certificate is not trusted. This is because the certificates of those sites were not issued by a regular CA.

A list of CA root certificates is built into the various browsers on the market. When you visit a website whose certificate was issued by a CA, that certificate is validated against the root certificates, so no such warning appears.

The CA root certificate file actually contains the public key certificates of the major CAs, which are used to verify that a website's certificate was issued by one of them.
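The self-generated certificate case above can also be handled without lowering the verification level, by passing that certificate (or the CA that issued it) as the CA file. The following is an added example, not code from the original article; the names curlPostVerified, TlsVerificationException and $caBundle, the HTTPS-only restriction, and the host and file name in the usage comment are assumptions.

```php
<?php
// Added example. curlPostVerified, TlsVerificationException and $caBundle are hypothetical names.
class TlsVerificationException extends RuntimeException {}

/**
 * POST over HTTPS with certificate verification always enabled.
 * $caBundle is a PEM file of trusted roots (null = cURL's configured default).
 * For a self-generated certificate, pass a PEM file containing that certificate or its issuing CA.
 */
function curlPostVerified(string $url, array $data = [], int $timeout = 30, ?string $caBundle = null): string
{
    if (stripos($url, 'https://') !== 0) {
        throw new InvalidArgumentException('Refusing non-HTTPS URL: ' . $url);
    }
    if ($caBundle !== null && !is_readable($caBundle)) {
        throw new InvalidArgumentException('CA file not readable: ' . $caBundle);
    }

    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_URL            => $url,
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($data),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => $timeout,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // never fall back to plain HTTP
        CURLOPT_SSL_VERIFYPEER => true,            // chain must lead to a trusted root
        CURLOPT_SSL_VERIFYHOST => 2,               // certificate must match the host name
    ]);
    if ($caBundle !== null) {
        curl_setopt($ch, CURLOPT_CAINFO, $caBundle);
    }

    $ret   = curl_exec($ch);
    $errno = curl_errno($ch);
    $error = curl_error($ch);

    if ($ret === false) {
        // libcurl codes: 51 and 60 = certificate or host name rejected, 77 = CA file problem
        if (in_array($errno, [51, 60, 77], true)) {
            throw new TlsVerificationException("TLS verification failed ($errno): $error");
        }
        throw new RuntimeException("cURL error ($errno): $error");
    }
    return $ret;
}

// Usage (constructed host and file name):
// $body = curlPostVerified('https://internal.example/api', ['p' => 'Hello'], 30, __DIR__ . '/internal-ca.pem');
```

Separating verification failures from other cURL errors lets the caller log them distinctly instead of treating every false return the same way.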

For more detailed information, please see: http://www.bKjia.c0m/phper/php/57145.htm
