Using curl in PHP to access HTTPS: a shared example

Source: Internet
Author: User
Tags cas curl ssl certificate sub domain

For ease of explanation, here is the code first.

/**
 * curl POST
 *
 * @param string $url     URL
 * @param array  $data    POST data
 * @param int    $timeout Request timeout in seconds
 * @param bool   $CA      Whether to strictly verify the HTTPS certificate
 * @return string|false
 */
// Note: the default value of $timeout is missing from the source page; 30 is an assumed value.
function curlPost($url, $data = array(), $timeout = 30, $CA = true) {

    $cacert = getcwd() . '/cacert.pem'; // CA root certificate
    $SSL = substr($url, 0, 8) == "https://" ? true : false;

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout - 2);
    if ($SSL && $CA) {
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // Trust only certificates issued by a CA
        curl_setopt($ch, CURLOPT_CAINFO, $cacert);      // CA root certificates (used to verify that the site certificate was issued by a CA)
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);    // Check that a domain name is set in the certificate and that it matches the supplied host name
    } else if ($SSL && !$CA) {
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // Trust any certificate
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);     // Check whether a domain name is set in the certificate
    }
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:')); // Avoid the problem with long data
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data)); // URL-encoded data (overrides the line above)

    $ret = curl_exec($ch);
    var_dump(curl_error($ch)); // View the error information

    curl_close($ch);
    return $ret;
}

If the URL is HTTPS, the request goes over SSL; otherwise it uses the normal HTTP protocol.

Is it safe just because it goes over HTTPS? In fact, SSL has different degrees of verification.

For example, do you need to verify the common name in the certificate? (BTW: the Common Name is generally the domain or subdomain for which the SSL certificate was requested.)

Do you need to verify the host name?

Do you trust any certificate, or only certificates issued by a CA?

(Argh, my battery is almost dead, so I'll only cover the key points -_-|||)

If your website's SSL certificate was bought from a CA (usually more expensive), you can access it with stricter verification, namely:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // Trust only certificates issued by a CA
curl_setopt($ch, CURLOPT_CAINFO, $cacert);      // CA root certificates (used to verify that the site certificate was issued by a CA)
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);    // Check that a domain name is set in the certificate and that it matches the supplied host name

If the website's certificate is self-generated, or was obtained from some small organization on the Internet, access will not pass under strict verification, and false is returned directly. (By the way, when false is returned you can print curl_error($ch) to view the specific error message.) In that case, you can get normal access by lowering the degree of verification, for example:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // Trust any certificate
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);     // Check whether a domain name is set in the certificate (0 also works; then even the presence of a domain name is not checked)
// Note: libcurl 7.28.1 and later no longer support the value 1 for CURLOPT_SSL_VERIFYHOST.
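
With CURLOPT_SSL_VERIFYPEER off the connection is encrypted but the server is not authenticated, so for a self-generated certificate the alternative is to keep the strict settings and pass that certificate (or your private CA) as the CAINFO file. The following is an added example, not the article's code; the function name curlPostStrict, the host intranet.example and the file intranet-ca.pem are assumptions.

```php
<?php
// Added example, not the article's code. $caFile is a public CA bundle
// (cacert.pem) or the PEM of your own self-signed certificate / private CA.
function curlPostStrict(string $url, array $data, string $caFile, int $timeout = 30): string
{
    if (stripos($url, 'https://') !== 0) {
        throw new InvalidArgumentException('Only https:// URLs are accepted');
    }
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA file not readable: $caFile");
    }

    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_URL            => $url,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,      // only HTTPS is allowed for this transfer
        CURLOPT_TIMEOUT        => $timeout,
        CURLOPT_CONNECTTIMEOUT => max(1, $timeout - 2), // never zero or negative
        CURLOPT_SSL_VERIFYPEER => true,                 // chain must end in a certificate from $caFile
        CURLOPT_SSL_VERIFYHOST => 2,                    // certificate name must match the host in $url
        CURLOPT_CAINFO         => $caFile,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER     => ['Expect:'],
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($data),
    ]);

    $ret = curl_exec($ch);
    if ($ret === false) {
        $errno = curl_errno($ch);
        // 51/60: certificate chain or host name rejected; 77: CA file could not be loaded
        $tlsErrors = [CURLE_SSL_PEER_CERTIFICATE, CURLE_SSL_CACERT, CURLE_SSL_CACERT_BADFILE];
        $prefix = in_array($errno, $tlsErrors, true) ? 'TLS verification failed: ' : 'Request failed: ';
        throw new RuntimeException($prefix . curl_error($ch), $errno);
    }
    return $ret;
}

// Constructed usage: the host and the CA file name are hypothetical.
try {
    $caFile = __DIR__ . '/intranet-ca.pem';
    echo curlPostStrict('https://intranet.example/api', ['q' => 'ping'], $caFile, 10);
} catch (Exception $e) {
    fwrite(STDERR, $e->getMessage() . PHP_EOL);
}
```

A verification failure surfaces as an exception carrying the curl error number, so callers can tell a rejected certificate apart from a timeout instead of receiving a bare false.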

When we visit HTTPS sites in a browser, we sometimes get a prompt that the certificate is not trusted; this is because those sites' certificates were not issued by a formal CA.

Browsers ship with a built-in list of CA root certificates. When you visit a site whose certificate was issued by a CA, the site's certificate is verified against those root certificates, so this prompt does not appear.

The CA root certificate file contains the public-key certificates of the major CAs, which are used to verify that a website's certificate was issued by one of them.

The file used here is derived from Mozilla's source tree and converted to a PEM-format certificate file. (You can download a ready-made copy from http://curl.haxx.se/ca/cacert.pem)

One last thing, which has nothing to do with SSL:

curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));

This is mainly to solve the problem of the POST data being too long.
