For convenience of explanation, here is the code first:
/**
 * curl POST
 *
 * @param string $url     URL
 * @param array  $data    data
 * @param int    $timeout Request timeout
 * @param bool   $CA      Whether to perform strict authentication on HTTPS
 * @return string         Response body (false on failure)
 */
function curlPost($url, $data = array(), $timeout = 30, $CA = true){
    $cacert = getcwd() . '/cacert.pem'; // CA root certificate
    $SSL = substr($url, 0, 8) == "https://" ? true : false;
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout-2);
    if ($SSL && $CA) {
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // Only trust certificates issued by a CA
        curl_setopt($ch, CURLOPT_CAINFO, $cacert); // CA root certificate (used to verify whether the website certificate was issued by a CA)
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); // Check whether the domain name is set in the certificate and whether it matches the provided host name
    } else if ($SSL && !$CA) {
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // Trust any certificate
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1); // Check whether the domain name is set in the certificate
    }
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:')); // Avoid the problem of too long data
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    //curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data)); // data with URLEncode
    $ret = curl_exec($ch);
    //var_dump(curl_error($ch)); // View error message
    curl_close($ch);
    return $ret;
}
If the URL starts with https, SSL is used; otherwise the ordinary HTTP protocol is used.
Is it safe just because HTTPS is used? In fact, SSL has different levels of verification.
For example, does the common name in the certificate need to be verified? (BTW: the Common Name is generally the domain name or sub-domain name for which you are applying for the SSL certificate.)
Does the hostname need to be verified?
Do you trust any certificate, or only those issued by a CA?
(Argh, the battery is almost empty, so I will only mention the key points - -|||)
If the website's SSL certificate was purchased from a CA (usually more expensive), you can use stricter verification when accessing it, namely:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // Only trust certificates issued by a CA
curl_setopt($ch, CURLOPT_CAINFO, $cacert); // CA root certificate (used to verify whether the website certificate was issued by a CA)
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); // Check whether a domain name is set in the certificate and whether it matches the provided hostname
If the website's certificate is self-generated, or was obtained from a small online organization, then strict verification will fail during access and false will be returned directly. (By the way, when false is returned, you can print curl_error($ch) to view the specific error message.) In this case, you can lower the verification level according to the situation to ensure normal access, for example:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // Trust any certificate
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1); // Check whether a domain name is set in the certificate (0 is also acceptable; then not even the existence of the domain name is verified)
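For a self-signed or private-CA site, an alternative to lowering the verification level is to keep strict verification and point CURLOPT_CAINFO at that site's own certificate. The following is an added example, not code from the original article; the function name curlPostVerified, the host and the PEM file name are hypothetical.

```php
<?php
// Added example (not from the original article).
// Assumption: $caFile is a PEM file holding either the public CA bundle
// (cacert.pem) or the site's own self-signed / private-CA certificate.
function curlPostVerified(string $url, array $data, string $caFile, int $timeout = 30): string
{
    // Refuse plain HTTP so the call can never silently skip TLS.
    if (stripos($url, 'https://') !== 0) {
        throw new InvalidArgumentException('Only https:// URLs are accepted');
    }
    if (!is_readable($caFile)) {
        throw new InvalidArgumentException("CA file not readable: $caFile");
    }

    $ch = curl_init();
    curl_setopt_array($ch, array(
        CURLOPT_URL            => $url,
        CURLOPT_TIMEOUT        => $timeout,
        CURLOPT_CONNECTTIMEOUT => max(1, $timeout - 2),
        CURLOPT_SSL_VERIFYPEER => true,    // chain must lead to a certificate in $caFile
        CURLOPT_CAINFO         => $caFile,
        // 2 = certificate name must match the host; libcurl 7.28.1 and
        // later no longer support the value 1.
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER     => array('Expect:'),
        CURLOPT_POST           => true,
        // URL-encoded body, like the commented-out line in curlPost()
        CURLOPT_POSTFIELDS     => http_build_query($data),
    ));

    $ret = curl_exec($ch);
    if ($ret === false) {
        // Surface the verification failure instead of returning false.
        $errno = curl_errno($ch);
        $error = curl_error($ch);
        curl_close($ch);
        throw new RuntimeException("cURL error $errno: $error");
    }
    curl_close($ch);
    return $ret;
}

// Usage (hypothetical host and file name):
// try { echo curlPostVerified('https://internal.example/api', array('a' => 1), __DIR__ . '/internal-ca.pem'); }
// catch (RuntimeException $e) { error_log($e->getMessage()); }
```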
When we use browsers to access various https websites, we sometimes see a prompt saying that the certificate is not trusted. This is because the certificates of these websites were not issued by official CA organizations.
The browsers on the market ship with a built-in list of CA root certificates. When you visit a website whose certificate was issued by a CA, the certificate is verified against the root certificates, so this prompt does not appear.
As for the CA root certificate file, it contains the public key certificates of the major CA organizations and is used to verify whether a website's certificate was issued by one of them.
The file used here is derived from Mozilla's source tree and converted into a PEM-format certificate file. (You can download a ready-made copy here: http://curl.haxx.se/ca/cacert.pem)
Finally, let's talk about something unrelated to SSL:
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));
This is mainly to solve the problem of overly long data during a POST.