-
-
Save nebulak/c22ce4b409c774b75b0ac3cc43e56668 to your computer and use it in GitHub Desktop.
<?php | |
//source: http://www.zedwood.com/article/php-curl-connect-with-ssl-client-certificate | |
class SecureRequest | |
{ | |
private m_publicCertPath; //"/public_cert.pem" | |
private m_privateCertPath; //"/private.pem") | |
private m_caInfoPAth; //"/etc/ssl/certs/ca-certificates.crt" | |
public function init($publicCertPath, $privateCertPath, $caInfoPath) { | |
$this->m_publicCertPath = $publicCertPAth; | |
$this->m_privateCertPath = $privateCertPath; | |
$this->m_caInfoPath = $caInfoPath; | |
} | |
public function post($url, $data) { | |
return $this->sendRequest("POST", $url, $data); | |
} | |
public function get($url, $data) { | |
$queryData = http_build_query($data); | |
$urlWithData = $url . '?' . $queryData; | |
return $this->sendRequest("GET", $urlWithData, array()); | |
} | |
private function sendRequest($method, $url, $data) { | |
//TODO: enforce https://-url | |
//$data = array('key'=>'value'); | |
$ch = curl_init(); | |
curl_setopt($ch, CURLOPT_URL, $url); | |
curl_setopt($ch, CURLOPT_PORT , 443); | |
curl_setopt($ch, CURLOPT_VERBOSE, 0); | |
curl_setopt($ch, CURLOPT_HEADER, 0); | |
curl_setopt($ch, CURLOPT_SSLCERT, $this->m_publicCertPath); | |
curl_setopt($ch, CURLOPT_SSLKEY, $this->m_privateCertPath); | |
curl_setopt($ch, CURLOPT_CAINFO, $this->m_caInfoPath); | |
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); | |
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); | |
if( strtoupper($method) == "POST" ) | |
{ | |
curl_setopt($ch, CURLOPT_POST, 1); | |
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data)); | |
} | |
$response = curl_exec($ch); | |
//$info =curl_errno($ch)>0 ? array("curl_error_".curl_errno($ch)=>curl_error($ch)) : curl_getinfo($ch); | |
//print_r($info); | |
curl_close($ch); | |
return $response; | |
} | |
} | |
?> |
Hallo @nebulak:
Sorry, Sie wissen, ob die Zertifikate, die in der Petition-Curl anhaften, diejenigen sein sollten, die mir den externen Server bereitstellen.
oder sollten sie von meinem Server generiert werden?Entschuldigen Sie mein Deutsch.
You have to define the path to your public and private key of your client certificate in lines 33 and 34.
You should have received a client certificate by the server administrator or if you are the server administrator you have to generate them.
If you don't have CA you have to set verifypeer to 0 in line 36.
Sorry again @nebulak,
when you mention the client side, you are referring to the one that receive the data or the one that sends it (Me)?
That's because my purpose is to send data to a remote server using this method.
Thanks in advance. You have won a beer. :D
Ok, in your case you are the client.
But the above code uses certificate authentication.
If you don't need certificate authentication, you must comment out lines 33 to 36 or just search the web how to use php with curl. There should be enough pretty straight forward tutorials about this topic.
I'm having some issues with my case. the API owner sent me a public certificate "Certificate.cer" file. how do I sent it with my request as I don't have private keys and ".pem" file ?
Hallo @nebulak:
Sorry, Sie wissen, ob die Zertifikate, die in der Petition-Curl anhaften, diejenigen sein sollten, die mir den externen Server bereitstellen.
oder sollten sie von meinem Server generiert werden?
Entschuldigen Sie mein Deutsch.