cURL / Mailing Lists / curl-and-php / Single Mail

curl-and-php

Fully verify server certificate using SSL

From: Informatique <informatique_at_forsup.com>
Date: Mon, 28 Aug 2006 17:30:49 +0200

Hello,

 

I use curl to talk to a HTTPS server, and I would like to know how to fully
verify the certificate, I mean including CRL.

Is it possible with curl ? Or, do I have to do this in php ?

 

Here is my php code :

 

$url = "https://www.verisign.fr/";

$ch = curl_init ($url);

if (!$ch) {

            die ("Connexion CURL impossible");

}

            curl_setopt($ch, CURLOPT_VERBOSE, 1);

            curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);

            $user_agent = "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
5.0)";

            curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);

            

            $certfile = "test.crt";

            $certpasswd = "123456";

            curl_setopt ($ch, CURLOPT_SSLCERT, $certfile);

            curl_setopt ($ch, CURLOPT_SSLCERTPASSWD, $certpasswd);

 

            $keyfile = "test.pem";

            $keypasswd = "123456";

            curl_setopt ($ch, CURLOPT_SSLKEY, $keyfile);

            curl_setopt ($ch, CURLOPT_SSLKEYPASSWD, $keypasswd);

 

            $criterium = "ca.cer";

            curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, true);

            curl_setopt ($ch, CURLOPT_CAINFO, $criterium);

            curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 2);

 

$code = curl_exec ($ch);

 

$errnum=curl_errno($ch);

if($errnum != "0") {

            echo curl_errno($ch) . " - " . curl_error($ch) . "<br>";

}

            

            // For DEBUG :

            echo "<pre>";

print_r(curl_getinfo($ch));

print_r($code);

echo "</pre>";

 

I works well, except that I don't check the CRL.

If I have to do the verification in php, I would like to know how to get the
server certificate informations from the server in order to do the
verification with the CRL.

 

Thank you for your help.

 

Patrick

 

_______________________________________________
http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php
Received on 2006-08-28