PHP uses curl to access HTTPS sample sharing

Source: Internet
Author: User
Tags curl ssl certificate sub domain

 curl is an open source file Transfer tool that works with URL syntax at the command-line, and here's an example of how PHP uses curl to access HTTPS, and you can use it for reference.

To facilitate the description, first code bar   code as follows:/**   * Curl post   *   * @param   string  url  &nb sp;* @param   Array   data    * @param   int     Request Timeout time    * @param   BOOL & nbsp  https is strictly certified    * @return  string   */  function curlpost ($url, $data = Array (), $t Imeout = $CA = True) {          $cacert = GETCWD (). '/cacert.pem '; CA Root certificate       $SSL = substr ($url, 0, 8) = = "https://"? True:false;         $ch = Curl_init ();       curl_setopt ($ch, Curlopt_url, $url);       curl_setopt ($ch, Curlopt_timeout, $timeout);       curl_setopt ($ch, Curlopt_connecttimeout, $timeout-2);       if ($SSL && $CA) {          curl_setopt ($ch, Curlopt_ssl_verifypeer , true);  //Trust only CA issued certificates           curl_setopt ($cH, Curlopt_cainfo, $cacert); CA Root certificate (to verify that the site certificate is issued by CA)           curl_setopt ($ch, Curlopt_ssl_verifyhost, 2); Check to see if the domain name is set in the certificate and if it matches the host name provided      } else if ($SSL &&! $CA) {          CU Rl_setopt ($ch, Curlopt_ssl_verifypeer, false); Trust any certificates           curl_setopt ($ch, Curlopt_ssl_verifyhost, 1); Check the certificate for setting domain name      }       curl_setopt ($ch, Curlopt_returntransfer, true);       curl_setopt ($ch, Curlopt_httpheader, Array (' Expect: ')); Avoid data long problem       curl_setopt ($ch, Curlopt_post, true);       curl_setopt ($ch, Curlopt_postfields, $data);      //curl_setopt ($ch, Curlopt_postfields, Http_build_query ($data)); Data with UrlEncode         $ret = curl_exec ($ch);      //var_dump (Curl_error ($ch));  //View error information         curl_close ($ch);       return $ret;    }         If the URL address is HTTPS, go to SSL, or go to the normal HTTP protocol.   Is it safe to go with https? In fact, SSL also has a different degree of verification.   For example, do you need to verify the common name in the certificate? (BTW: The common name (Common name) is generally the domain name (field) or subdomain (sub domain) in which you will request an SSL certificate.   Do you want to verify the host name?   is any certificate trusted or trusted only by CAS?   (i wipe, the battery is almost no point, only pick up the key to say--| | |   If the Web site SSL certificate buys a CA (usually more expensive), then access can use a more stringent certification, that is:   code as follows: curl_setopt ($ch, Curlopt_ssl_verifypeer, true);  //Trust only CA issued certificates   curl_setopt ($ch, Curlopt_cainfo, $cacert); CA root certificate (used to verify whether the site certificate was issued by CA)   curl_setopt ($ch, Curlopt_ssl_verifyhost, 2); Check to see if the domain name is set in the certificate and if it matches the host name provided     If the certificate of the Web site is generated by itself or is applied by a small organization on the Internet, the access will not pass if strict authentication is used and return false directly. (yes, you can print Curl_error ($ch) to view specific error messages when you return FALSE. At this point, you can reduce the degree of validation to ensure normal access, for example:   code as follows: curl_setopt ($ch, Curlopt_ssl_verifypeer, false); Trust any certificate   curl_setopt ($ch, Curlopt_ssl_verifyhost, 1); Check whether the domain name is set in the certificate (0, or even the existence of the domain name is not verified)     When we use the browser to access each HTTPS site, sometimes we encounter certificates that are not trusted, in fact, because the certificate of these sites is not a formal CA promulgated.   in various browsers on the marketWhen you place the CA root certificate list information and visit a Web site that has a certificate issued by a CA, the certificate for those sites is validated against the root certificate, so there is no such hint.   about the CA root certificate file, which is actually a public key certificate for each of the major CA institutions, is used to verify that the certificate of the Web site is issued by these organizations.   This file here is derived from Mozilla's source tree and converted to a PEM format certificate file. (You can download the ready-made HTTP://CURL.HAXX.SE/CA/CACERT.PEM)   finally said something unrelated to SSL:     Code as follows: curl_setopt ($ch, Curlopt_ Httpheader, Array (' Expect: '));     This is mainly to solve the problem of data too long at post  
Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.