[PHP] curl访问https与CA证书问题

CA证书,用来在调用HTTPS资源的时候,验证对方网站是否是CA颁布的证书,而不是自己随便生成的

curl命令
1.需要下载CA证书 文件地址是 http://curl.haxx.se/ca/cacert.pem
2.把下载的文件放到这个位置 /etc/pki/tls/certs/ca-bundle.crt
3.curl就可以访问https的资源了

php代码

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46

function post($url, $data=array(), $refer = "", $timeout = 30, $header = array()){     $curlObj = curl_init();     $ssl = stripos($url,'https://') === 0 ? true : false;     $options = array(         CURLOPT_URL => $url,         CURLOPT_RETURNTRANSFER => 1,         CURLOPT_POST => 1,         CURLOPT_POSTFIELDS => $data,         CURLOPT_FOLLOWLOCATION => 1,         CURLOPT_AUTOREFERER => 1,         CURLOPT_USERAGENT => 'Webface SelfService Form',         CURLOPT_TIMEOUT => $timeout,         CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_0,         CURLOPT_IPRESOLVE => CURL_IPRESOLVE_V4,         CURLOPT_REFERER => $refer     );      if (!empty($header)) {         $options[CURLOPT_HTTPHEADER] = $header;     }       if ($refer) {         $options[CURLOPT_REFERER] = $refer;     }       if ($ssl) {         //注意看这里就是配置CA证书         //只信任CA颁布的证书         $options[CURLOPT_SSL_VERIFYPEER]=true;          //本地CA证书,用来验证网站的证书是否是CA颁布的         $options[CURLOPT_CAINFO]=getcwd() . '/cacert.pem';         //验证域名是否匹配         $options[CURLOPT_SSL_VERIFYHOST] = 2;         /*          //忽略证书验证,信任任何证书         $options[CURLOPT_SSL_VERIFYHOST] = false;         $options[CURLOPT_SSL_VERIFYPEER] = false;         */     }       curl_setopt_array($curlObj, $options);     $returnData = curl_exec($curlObj);     if (curl_errno($curlObj)) {         $returnData = curl_error($curlObj);     }       curl_close($curlObj);     return $returnData; } $res=post("https://www.baidu.com"); var_dump($res);