PHP using Curl to access HTTPS sample sharing _php Tutorial

For the convenience of explanation, first on the code bar

Copy CodeThe code is as follows:
/**
* Curl POST
*
* @param string URL
* @param array data
* @param int Request time-out
* Strict authentication when @param bool HTTPS
* @return String
*/
function Curlpost ($url, $data = Array (), $timeout = +, $CA = True) {

$cacert = GETCWD (). '/cacert.pem '; CA Root Certificate
$SSL = substr ($url, 0, 8) = = "https://"? True:false;

$ch = Curl_init ();
curl_setopt ($ch, Curlopt_url, $url);
curl_setopt ($ch, Curlopt_timeout, $timeout);
curl_setopt ($ch, Curlopt_connecttimeout, $timeout-2);
if ($SSL && $CA) {
curl_setopt ($ch, Curlopt_ssl_verifypeer, true); Trust only certificates issued by CAS
curl_setopt ($ch, Curlopt_cainfo, $cacert); CA root certificate (used to verify whether the website certificate was issued by a CA)
curl_setopt ($ch, Curlopt_ssl_verifyhost, 2); Checks whether the domain name is set in the certificate and matches the host name provided
} else if ($SSL &&! $CA) {
curl_setopt ($ch, Curlopt_ssl_verifypeer, false); Trust any Certificate
curl_setopt ($ch, Curlopt_ssl_verifyhost, 1); Check whether the domain name is set in the certificate
}
curl_setopt ($ch, Curlopt_returntransfer, true);
curl_setopt ($ch, Curlopt_httpheader, Array (' Expect: ')); Avoid data over-length issues
curl_setopt ($ch, Curlopt_post, true);
curl_setopt ($ch, Curlopt_postfields, $data);
curl_setopt ($ch, Curlopt_postfields, Http_build_query ($data)); Data with UrlEncode

$ret = curl_exec ($ch);
Var_dump (Curl_error ($ch)); View error messages

Curl_close ($ch);
return $ret;
}

If the URL address is the beginning of HTTPS, then go to SSL, or go to the normal HTTP protocol.

Is it safe to take the HTTPS? In fact, SSL also has a different degree of authentication.

For example, do you need to verify the common name in the certificate? (BTW: The common name (Common name) is generally filled in with the domain name (domain) or subdomain (sub domain) that you will be applying for the SSL certificate. ）

Do you need to verify the host name?

Are any certificates trusted or are they only trusted by the CA?

(I wipe, the battery is almost out of order, only to pick up the key to say--| | | ）

If the website SSL certificate buys a CA (usually more expensive), then access can use more stringent authentication, namely:

Copy the Code code as follows:
curl_setopt ($ch, Curlopt_ssl_verifypeer, true); Trust only certificates issued by CAS
curl_setopt ($ch, Curlopt_cainfo, $cacert); CA root certificate (used to verify whether the website certificate was issued by a CA)
curl_setopt ($ch, Curlopt_ssl_verifyhost, 2); Checks whether the domain name is set in the certificate and matches the host name provided

If the website's certificate is generated by itself, or if it is requested by a small organization on the internet, then if strict authentication is used, it will not pass and return false directly. (By the return false, you can print Curl_error ($ch) to see the specific error message. At this point, you can ensure normal access by reducing the level of validation, for example:
Copy the Code code as follows:
curl_setopt ($ch, Curlopt_ssl_verifypeer, false); Trust any Certificate
curl_setopt ($ch, Curlopt_ssl_verifyhost, 1); Check whether the domain name is set in the certificate (0 is also possible, that is, even if the domain name exists or not verified)

Usually when we use a browser to access each HTTPS website, sometimes we will encounter the certificate is not trusted, in fact, because the certificate of these sites is not a regular CA authority promulgated.

The list of CA root certificates is built into various browsers on the market, and when you visit a website that has a CA-issued certificate, the certificates for those sites are validated against the root certificate, so there is no such hint.

The CA root certificate file, in fact, contains the public key certificates for each of the major CA agencies to verify that the site's certificate was issued by these agencies.

This file is derived from Mozilla's source tree and converted to a PEM format certificate file. (You can download the ready-made HTTP://CURL.HAXX.SE/CA/CACERT.PEM here)

Finally, an SSL-independent thing:
Copy the Code code as follows:
curl_setopt ($ch, Curlopt_httpheader, Array (' Expect: '));

This is mainly to solve the problem of too long data in post

http://www.bkjia.com/PHPjc/710604.html www.bkjia.com true http://www.bkjia.com/PHPjc/710604.html techarticle for the convenience of explanation, first on the code to copy the code is as follows:/** * Curl POST * * @param string URL * @param array data * @param int request Time Out * @param bool HTTPS Whether to enter ...

