PHP客户端验证https证书

Question

我需要创建一个PHP作为客户端,并使用https下的一些Web服务.我的问题是我也想验证服务器证书.我需要知道我有正确的服务器,并且没有一个中间充当服务器.有谁可以帮助我吗？

谢谢!

Answer 1

如果您具有curl扩展名,则可以将其配置为在连接时验证证书.

http://php.net/manual/en/function.curl-setopt.php

// As of writing this, Twitter uses Verisign, Google uses Eqifax
$exampleUrl = 'https://twitter.com/'; // Success
$exampleUrl = 'https://google.com/';  // Fails

// create a new CURL resource
$ch = curl_init($exampleUrl);

// enable verification
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);

// list of CAs to trust
// If the remote site has a specific CA, they usually have a .crt
// file on their site you can download.  Or you can export key items from
// some browsers.
// In this example, using: Verisign [1]
curl_setopt($ch, CURLOPT_CAINFO, __DIR__ . '/ca_bundle.crt');
// - or -
curl_setopt($ch, CURLOPT_CAPATH, __DIR__ . '/ca_certs/');

// If the remote site uses basic auth:
curl_setopt($ch, CURLOPT_USERPWD, $username . ':' . $password);

// And a helpful option to enable while debugging
//curl_setopt($ch, CURLOPT_VERBOSE, true);

// defaults to stdout, don't want that for this case.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$page = curl_exec($ch);

[1] http://www.verisign.com/support/verisign-intermediate-ca/extended-validation/apache/