在單獨的文件中使用curl在「CA證書，客戶端證書和私鑰」

Question

我需要幫助來重寫這個PHP curl代碼（在一個文件中使用一個* .pem文件--CA證書，客戶端證書，私鑰）：

curl_setopt($curl, CURLOPT_URL, $this->url); 
curl_setopt($curl, CURLOPT_HEADER, 0); 
curl_setopt($curl, CURLOPT_POST, true); 
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE); 
curl_setopt($curl, CURLOPT_SSLCERT, $this->keystore); 
curl_setopt($curl, CURLOPT_CAINFO, $this->keystore); 
curl_setopt($curl, CURLOPT_SSLKEYPASSWD, $this->keystorepassword); 
curl_setopt($curl, CURLOPT_POSTFIELDS, $post); 
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); 

所以它可以使用CA證書，客戶端證書並在不同的文件私鑰。

如該命令行示例：

curl -d "var1=value1&var2=value2&..." -G -v --key key.pem --cacert ca.pem --cert client.pem:xxxxxx https://www.somesite.com/page

Answer 1

這裏是你的命令行調用的直譯PHP腳本：

<?php 

    $data = "var1=value1&var2=value2&..."; 
    $url = "https://www.somesite.com/page"; 


    $keyFile = "key.pem"; 
    $caFile = "ca.pem"; 
    $certFile = "client.pem"; 
    $certPass = "xxxxxx"; 

    // Initialise cURL 
    $ch = curl_init($actualUrl); 

    // The -d option is equivalent to CURLOPT_POSTFIELDS. But... 
    // PHP's libcurl interface does not implement the -G flag - instead you would 
    // append $data to $url like this: 
    $actualUrl = $url.'?'.$data; 
    curl_setopt($curl, CURLOPT_URL, $actualUrl); 

    // The -v flag only makes sense at the command line, but it can be enabled 
    // with CURLOPT_VERBOSE - in this case the information will be written to 
    // STDERR, or the file specified by CURLOPT_STDERR. I will ignore this for 
    // now, but if you would like a demonstration let me know. 

    // The --key option - If your key file has a password, you will need to set 
    // this with CURLOPT_SSLKEYPASSWD 
    curl_setopt($ch, CURLOPT_SSLKEY, $keyFile); 

    // The --cacert option 
    curl_setopt($ch, CURLOPT_CAINFO, $caFile); 

    // The --cert option 
    curl_setopt($ch, CURLOPT_SSLCERT, $certFile); 
    curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $certPass); 

    /* 
    Now we should get an identical request to the one created by your command 
    line string, let's have a look at some of the other options you set... 
    */ 

    // CURLOPT_HEADER is disabled by default, there's no need for this unless you 
    // enabled it earlier 
    //curl_setopt($curl, CURLOPT_HEADER, 0); 

    // Your command line string forces a GET request with the -G option, are you 
    // trying to POST or GET? 
    //curl_setopt($curl, CURLOPT_POST, true); 

    // We don't need body data with a GET request 
    //curl_setopt($curl, CURLOPT_POSTFIELDS, $post); 

    // Since we've gone to all the trouble of supplying CS information, we might 
    // as well validate it! 
    //curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);