Community Learn Tools Library Leisure
search
English
Home > Backend Development > PHP Tutorial > body text

php curl access https implementation code

WBOY
Release: 2016-07-25 08:54:53
Original
792 people have browsed it

  3. /**

  4. * curl POST
  5. *
  6. * @param string url
  7. * @param array data
  8. * @param int request timeout
  9. * @param bool Whether to perform strict authentication during HTTPS
  10. * @return string
  11. */
  12. function curlPost($url, $data = array(), $timeout = 30, $CA = true){

  13. < ;p> $cacert = getcwd() . '/cacert.pem'; //CA root certificate
  14. $SSL = substr($url, 0, 8) == "https://" ? true : false; < /p>

  15. $ch = curl_init();

  16. curl_setopt($ch, CURLOPT_URL, $url);
  17. curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
  18. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout- 2);
  19. if ($SSL && $CA) {
  20. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // Only trust certificates issued by CA
  21. curl_setopt($ch, CURLOPT_CAINFO, $cacert); // CA root certificate ( Check whether the website certificate used to verify is issued by CA)
  22. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); // Check whether the domain name is set in the certificate and whether it matches the provided host name
  23. } else if ($SSL && !$CA ) {
  24. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // Trust any certificate
  25. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1); // Check whether the domain name is set in the certificate
  26. }
  27. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  28. curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:')); //Avoid the problem of too long data
  29. curl_setopt($ch, CURLOPT_POST, true);
  30. curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
  31. / /curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data)); //data with URLEncode

  32. $ret = curl_exec($ch);

  33. //var_dump(curl_error($ch)) ; //View error message

  34. curl_close($ch);

  35. return $ret;
  36. }

Copy code

If the URL address starts with https , then use SSL, otherwise use ordinary HTTP protocol. Is it safe to use HTTPS? In fact, SSL also has different levels of verification. For example, do you need to verify the common name in the certificate? (BTW: Common Name generally means filling in the domain name (domain) or subdomain (sub domain) for which you are going to apply for an SSL certificate.) Need to verify hostname? Do you trust any certificate or only those issued by the CA? If the website's SSL certificate is purchased from a CA (usually more expensive), then you can use stricter authentication when accessing, that is:

  2. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // Only trust certificates issued by CA
  3. curl_setopt($ch, CURLOPT_CAINFO, $cacert); // CA root certificate (used to verify whether the website certificate is issued by CA)
  4. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); // Check whether the domain name is set in the certificate and whether it matches the provided host name
Copy the code

If the website’s certificate is generated by itself, or If you apply for it from a small online institution, if you use strict authentication when accessing, it will not pass and false will be returned directly. (By the way, when false is returned, you can print curl_error($ch) to view the specific error message.) At this time, you can reduce the verification level according to the situation to ensure normal access, for example:

  2. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // Trust any certificate
  3. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1); // Check whether the domain name is set in the certificate (0 is okay, that is, the domain name exists Whether it is or not is not verified)
Copy the code

When you usually use a browser to access various https websites, you sometimes encounter a prompt that the certificate is not trusted. In fact, this is because the certificates of these websites are not issued by formal CA organizations. Various browsers on the market have built-in CA root certificate list information. When visiting websites with CA-issued certificates, the certificates of these websites will be verified based on the root certificate, so this prompt will not appear.

Regarding the CA root certificate file, it actually contains the public key certificates of each major CA organization, which is used to verify whether the website's certificate is issued by these organizations. This file comes from mozilla's source tree and is converted into a PEM format certificate file. (Download http://curl.haxx.se/ca/cacert.pem) Finally, let’s talk about something unrelated to SSL: curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:')); Mainly to solve the problem of too long data during POST.



Related labels:
php curl访问https实现代码
source:php.cn
Previous article:PHP implementation file forced download code Next article:Modify PHP upload file size limit
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
function_exists() cannot determine the custom function Function test () {return true;} if (function_exists ('test')) {echo "test is function...
From 2024-04-29 11:01:01
0
2
1913
How to display the mobile version of Google Chrome Hello teacher, how can I change Google Chrome into a mobile version?
From 2024-04-23 00:22:19
0
10
2087
The child window operates the parent window, but the output does not respond. The first two sentences are executable, but the last sentence cannot be implemented.
From 2024-04-19 15:37:47
0
1
1756
There is no output in the parent window document.onclick = function(){ window.opener.document.write('I am the output of the child ...
From 2024-04-18 23:52:34
0
1
1656
Where is the courseware about CSS mind mapping? Courseware
From 2024-04-16 10:10:18
0
0
1665
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template