curl-and-php
Re: veryifypeer and verifyhost questions
Date: Tue, 10 Sep 2002 16:43:52 +0200 (MET DST)
On Mon, 9 Sep 2002, WILLIAM T wrote:
> I am unsure of how to utilize the verifypeer and verifyhost. I know that
> it is planned to make at least verifypeer the default, but it still seems
> like these two options in particular need better documentation.
I'm sure that's the case. The docs is always lagging behind... Especially on
the PHP/CURL front. (I am seriously starting to wish the curl module for PHP
had some kind of twist on the name what would make it differ somewhat from
curl the tool and libcurl the library...)
> My code "simplified" looks like this:
>
> $session = curl_init();
> curl_setopt($session, CAINFO, $cert_file);
> curl_setopt($session, SSL_VERIFYPEER, 1);
> curl_setopt($session, SSL_VERIFYHOST, 2);
>
> In reality i Have some more things (like closing the session but I think
> this should be enough for people to help me.
>
> First of all $cert_file is just set to the name of the pem file containing
> a bunch of ca certificates is this correct?
Yes.
> Second, what parameter should I be sending verify peer (ie is 1 correct)
> I got the one from some C code utilizing libcurl.
Yes, 1 is correct. In fact, any non-zero value will enable it.
> Finally, for verify host in libcurl 1 makes sure a host is listed on the
> certificate and 2 actually makes sure that host is the on you are connected
> to. (at least this is my understanding). They both have to be longs in
> libcurl, but since php doesn't have explicit variables I figured this
> didn't matter. Does the 1 and 2 thing still hold true?
AFAIK, yes.
> The first test case I had testing this, I receieved NO errors (as far as I
> can tell), but the hostname on the certificate was invalid.
That sounds like there's a problem somewhere. Can you repeat the same thing
with a curl command line? (I prefer debugging and repeating problem with the
plain curl tool.)
> ob_start();
> curl_exec ($session);
> $page = ob_get_contents();
> ob_end_clean();
>
> returns the page with a 0 at the end. It seems like a zero would signify a
> failure, but I tried just a simple get page, and it always returns a zero
> too.
AFAIK, zero is OK and non-zero is failure even in the PHP/curl world.
> Sorry about all the questions, I've really tried finding the answers on my
> own.
Sorry for me being totally PHP illiterate.
-- Daniel Stenberg -- curl related mails on curl related mailing lists please ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390Received on 2002-09-10