
php curl access https implementation code

WBOY (Original), 2016-07-25 08:54:53
    /**
     * curl POST
     *
     * @param string $url     URL
     * @param array  $data    data
     * @param int    $timeout request timeout
     * @param bool   $CA      whether to perform strict authentication during HTTPS
     * @return string|false   response body, or false on failure
     */
    function curlPost($url, $data = array(), $timeout = 30, $CA = true){

        $cacert = getcwd() . '/cacert.pem'; // CA root certificate
        $SSL = substr($url, 0, 8) == "https://" ? true : false;

        $ch = curl_init();

        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, max(1, $timeout - 2)); // never 0 or negative
        if ($SSL && $CA) {
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // Only trust certificates issued by a CA
            curl_setopt($ch, CURLOPT_CAINFO, $cacert); // CA root certificate (used to verify that the website certificate was issued by a CA)
            curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); // Check that a domain name is set in the certificate and that it matches the provided host name
        } else if ($SSL && !$CA) {
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // Trust any certificate
            curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1); // Check whether a domain name is set in the certificate (the value 1 is no longer supported as of libcurl 7.28.1)
        }
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:')); // Avoid the problem of too long data
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
        //curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data)); // data with URLEncode

        $ret = curl_exec($ch);

        //var_dump(curl_error($ch)); // View error message

        curl_close($ch);

        return $ret;
    }

If the URL starts with https, SSL is used; otherwise the ordinary HTTP protocol is used. Is using HTTPS enough to be safe? Not by itself: SSL has different levels of verification. For example, should the common name in the certificate be verified? (BTW: the Common Name is generally the domain or subdomain for which the SSL certificate was requested.) Should the hostname be verified? Should any certificate be trusted, or only those issued by a CA? If the website's SSL certificate was purchased from a CA (usually more expensive), you can use stricter authentication when accessing it, that is:

    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // Only trust certificates issued by a CA
    curl_setopt($ch, CURLOPT_CAINFO, $cacert); // CA root certificate (used to verify that the website certificate was issued by a CA)
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); // Check that a domain name is set in the certificate and that it matches the provided host name

If the website's certificate is self-generated, or was obtained from a small online institution, strict authentication will fail and false is returned directly. (By the way, when false is returned, you can print curl_error($ch) to view the specific error message.) In that case you can lower the verification level as the situation requires to keep access working, for example:

    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // Trust any certificate (the server is no longer authenticated)
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1); // Check whether a domain name is set in the certificate (0 also works: the domain name is then not verified at all)
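An alternative to lowering the verification level for a self-signed or privately issued certificate, as an added example that is not part of the original article: keep both checks on and pass the site's own certificate (or its issuing CA) as the trusted root via CURLOPT_CAINFO. The function name `curlPostPinned`, its parameters, the optional `sha256//` public key pin and the host and file names in the usage comment are assumptions for illustration.

```php
<?php
/**
 * Added example, not the article's code. curlPostPinned() and its
 * parameters are hypothetical names.
 *
 * @param string      $url       https:// URL
 * @param array       $data      POST fields
 * @param string      $caFile    PEM file: the private CA or the self-signed certificate
 * @param string|null $pinnedKey optional public key pin, "sha256//<base64>"
 * @param int         $timeout   request timeout in seconds
 * @return string response body
 */
function curlPostPinned($url, array $data, $caFile, $pinnedKey = null, $timeout = 30)
{
    if (strtolower((string) parse_url($url, PHP_URL_SCHEME)) !== 'https') {
        throw new InvalidArgumentException('Refusing non-HTTPS URL');
    }
    if (!is_readable($caFile)) {
        throw new InvalidArgumentException('CA file not readable: ' . $caFile);
    }

    $ch = curl_init();
    curl_setopt_array($ch, array(
        CURLOPT_URL            => $url,
        CURLOPT_TIMEOUT        => $timeout,
        CURLOPT_CONNECTTIMEOUT => max(1, $timeout - 2),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER     => array('Expect:'),
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($data),
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // never fall back to plain HTTP
        CURLOPT_SSL_VERIFYPEER => true,            // chain must end in $caFile
        CURLOPT_SSL_VERIFYHOST => 2,               // name in certificate must match host
        CURLOPT_CAINFO         => $caFile,
    ));
    if ($pinnedKey !== null) {
        curl_setopt($ch, CURLOPT_PINNEDPUBLICKEY, $pinnedKey); // libcurl 7.39.0+
    }

    $ret = curl_exec($ch);
    $err = $ret === false ? curl_errno($ch) . ': ' . curl_error($ch) : null;
    curl_close($ch);
    if ($err !== null) {
        throw new RuntimeException('curl error ' . $err); // fail closed, no unverified retry
    }
    return $ret;
}
// Constructed usage; host and file path are placeholders:
// echo curlPostPinned('https://intranet.example/api', array('q' => 1), __DIR__ . '/internal-ca.pem');
```

With this approach a certificate that does not chain to `$caFile`, or whose name does not match the host, still causes a failure, and the exception message carries the curl error instead of a bare false.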

When you use a browser to access https websites, you sometimes see a prompt that the certificate is not trusted. This is because the certificates of those websites were not issued by formal CA organizations. The browsers on the market ship with a built-in list of CA root certificates. When you visit a website with a CA-issued certificate, its certificate is verified against those root certificates, so the prompt does not appear.

The CA root certificate file contains the public key certificates of the major CA organizations and is used to verify whether a website's certificate was issued by one of them. The file comes from Mozilla's source tree, converted into a PEM format certificate file. (Download: http://curl.haxx.se/ca/cacert.pem)

Finally, something unrelated to SSL: curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:')); is there mainly to solve the problem of overly long data during POST.


