PHP uses curl to access https sample code

curl is an open source file transfer tool that uses URL syntax to work in command line mode. Here is an example of php using curl to access https. Please refer to it.

is for convenience. , let’s start with the code

The code is as follows:

/** 
 * curl POST 
 * 
 * @param   string  url 
 * @param   array   数据 
 * @param   int     请求超时时间 
 * @param   bool    HTTPS时是否进行严格认证 
 * @return  string 
 */  
function curlPost($url, $data = array(), $timeout = 30, $CA = true){    

    $cacert = getcwd() . '/cacert.pem'; //CA根证书  
    $SSL = substr($url, 0, 8) == "https://" ? true : false;  

    $ch = curl_init();  
    curl_setopt($ch, CURLOPT_URL, $url);  
    curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);  
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout-2);  
    if ($SSL && $CA) {  
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);   // 只信任CA颁布的证书  
        curl_setopt($ch, CURLOPT_CAINFO, $cacert); // CA根证书（用来验证的网站证书是否是CA颁布）  
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); // 检查证书中是否设置域名，并且是否与提供的主机名匹配  
    } else if ($SSL && !$CA) {  
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // 信任任何证书  
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1); // 检查证书中是否设置域名  
    }  
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);  
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:')); //避免data数据过长问题  
    curl_setopt($ch, CURLOPT_POST, true);  
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);  
    //curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data)); //data with URLEncode  

    $ret = curl_exec($ch);  
    //var_dump(curl_error($ch));  //查看报错信息  

    curl_close($ch);  
    return $ret;    
}

If the URL address starts with https, then use SSL, otherwise Use the normal HTTP protocol.

Is it safe if I use HTTPS? In fact, SSL also has different levels of verification.

For example, do I need to verify the common name in the certificate? (BTW: Common Name (Common Name) generally means filling in the domain name (domain) or sub-domain name (sub domain) for which you are going to apply for an SSL certificate.)

Do you need to verify the host name?

Do you trust any certificate or only those issued by the CA?

(I wiped it, the battery is almost dead, I only mentioned the key points - -|||)

If the website SSL certificate is purchased from a CA (usually more expensive) , then you can use stricter authentication when accessing, that is:

The code is as follows:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);   // 只信任CA颁布的证书 
curl_setopt($ch, CURLOPT_CAINFO, $cacert); // CA根证书（用来验证的网站证书是否是CA颁布） 
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); // 检查证书中是否设置域名，并且是否与提供的主机名匹配

If the website’s certificate is generated by yourself, or it is online If a small organization applies for it, if strict authentication is used during access, it will not pass and false will be returned directly. (By the way, when false is returned, you can print curl_error($ch) to view the specific error message.) At this time, you can ensure normal access by reducing the verification level according to the situation, for example:

The code is as follows:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // 信任任何证书 
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1); // 检查证书中是否设置域名（为0也可以，就是连域名存在与否都不验证了）

Usually when we use a browser to access various https websites, we sometimes encounter a prompt that the certificate is not trusted. In fact, it is because the certificates of these websites are not issued by formal CA institutions.

Various browsers on the market have built-in CA root certificate list information. When visiting websites with CA-issued certificates, the certificates of these websites will be verified based on the root certificate, so there will be no such prompt.

Regarding the CA root certificate file, it actually contains the public key certificates of each major CA organization, which is used to verify whether the website's certificate is issued by these organizations.

The file here is derived from mozilla's source tree and converted into a PEM format certificate file. (You can download the ready-made http://curl.haxx.se/ca/cacert.pem here)

Finally, let’s talk about something unrelated to SSL:

The code is as follows :

curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));

This is mainly to solve the problem of too long data during POST

The above is the detailed content of PHP uses curl to access https sample code. For more information, please follow other related articles on the PHP Chinese website!