curl-and-php
Fully verify server certificate using SSL
Date: Mon, 28 Aug 2006 17:30:49 +0200
Hello,
I use curl to talk to a HTTPS server, and I would like to know how to fully
verify the certificate, I mean including CRL.
Is it possible with curl ? Or, do I have to do this in php ?
Here is my php code :
$url = "https://www.verisign.fr/";
$ch = curl_init ($url);
if (!$ch) {
die ("Connexion CURL impossible");
}
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
$user_agent = "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
5.0)";
curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
$certfile = "test.crt";
$certpasswd = "123456";
curl_setopt ($ch, CURLOPT_SSLCERT, $certfile);
curl_setopt ($ch, CURLOPT_SSLCERTPASSWD, $certpasswd);
$keyfile = "test.pem";
$keypasswd = "123456";
curl_setopt ($ch, CURLOPT_SSLKEY, $keyfile);
curl_setopt ($ch, CURLOPT_SSLKEYPASSWD, $keypasswd);
$criterium = "ca.cer";
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt ($ch, CURLOPT_CAINFO, $criterium);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 2);
$code = curl_exec ($ch);
$errnum=curl_errno($ch);
if($errnum != "0") {
echo curl_errno($ch) . " - " . curl_error($ch) . "<br>";
}
// For DEBUG :
echo "<pre>";
print_r(curl_getinfo($ch));
print_r($code);
echo "</pre>";
I works well, except that I don't check the CRL.
If I have to do the verification in php, I would like to know how to get the
server certificate informations from the server in order to do the
verification with the CRL.
Thank you for your help.
Patrick
_______________________________________________
http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php
Received on 2006-08-28