Php 如何通过cURL使用Apache2.2上托管的REST服务发送SSL请求?
使用自签名证书通过https向Apache 2.2服务器发送安全数据(登录id、密码)的过程是什么Php 如何通过cURL使用Apache2.2上托管的REST服务发送SSL请求?,php,apache,curl,https,Php,Apache,Curl,Https,使用自签名证书通过https向Apache 2.2服务器发送安全数据(登录id、密码)的过程是什么 <?php $uid=$_POST['user']; $password=$_POST['pass']; $url = "https://example.com/login"; $cert_file = './certificate.com.pem'; $cert_password = 'xxxxxx'; $ch = curl_init(); $options = array(
<?php
$uid=$_POST['user'];
$password=$_POST['pass'];
$url = "https://example.com/login";
$cert_file = './certificate.com.pem';
$cert_password = 'xxxxxx';
$ch = curl_init();
$options = array(
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HEADER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_POSTFIELDS => 'uid:'.$uid.'&password:'.$password,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_VERBOSE => true,
CURLOPT_URL => $url ,
CURLOPT_SSLCERT => $cert_file ,
CURLOPT_SSLCERTPASSWD => $cert_password ,
CURLOPT_POST => true
);
curl_setopt_array($ch , $options);
$output = curl_exec($ch);
if(!$output)
{
echo "Curl Error : " . curl_error($ch);
}
else
{
echo htmlentities($output);
}
?>
我们得到的错误是:
curl错误:无法使用客户端证书(找不到密钥或密码短语错误?您需要这样考虑:
- 您的本地服务器要求远程服务器验证登录信息。-您需要为自签名证书创建一个例外并记住它。(忽略证书错误是一个非常坏的习惯。)
- 然后,您的本地服务器检查远程服务器返回的数据是否不是错误消息,是否确实是有效的JSON数据
<?php
function remote_login($username, $password) {
/*
Initialize the curl object
*/
$login = curl_init();
/*
Some sanitation. This is probably not enough though.
*/
$username = urlencode($username);
$password = urlencode($password);
/*
Set the url we're going to use.
REST services use clean urls, but here we simply use GET parapeters.
*/
$login_url = 'https://example.com/?username='+$username+'&password='+$password;
curl_setopt($login, CURLOPT_URL, $login_url);
/*
Tell curl we would like to use the data returned from the remote server
*/
curl_setopt($login, CURLOPT_RETURNTRANSFER, true);
/*
Set the returned data as a variable
*/
$login_data = curl_exec($login);
$login_json = json_decode($login_data);
/*
We're not going to do anything else if we encounter any sort of error.
*/
if (($login_data == false) || ($login_json == false)) {
return false;
}
/*
Return the login result as a JSON object
*/
return json_decode($login_data);
}
?>
希望这有帮助。您的意思是可以检查证书的指纹吗?据我所知,发送数据的基本操作是相同的。你现在有什么代码吗?(顺便说一句,这里的情况通常是读者希望先看到合理的研究/搜索工作-问题有时会因为缺少而被搁置)。