Hello,

I use curl to talk to a HTTPS server, and I would like to know how to fully
verify the certificate, I mean including CRL.

Is it possible with curl ? Or, do I have to do this in php ?

Here is my php code :

$url = "https://www.verisign.fr/";

$ch = curl_init ($url);

if (!$ch) {

            die ("Connexion CURL impossible");

}

            curl_setopt($ch, CURLOPT_VERBOSE, 1);

            curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);

            $user_agent = "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
5.0)";

            curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);

            $certfile = "test.crt";

            $certpasswd = "123456";

            curl_setopt ($ch, CURLOPT_SSLCERT, $certfile);

            curl_setopt ($ch, CURLOPT_SSLCERTPASSWD, $certpasswd);

            $keyfile = "test.pem";

            $keypasswd = "123456";

            curl_setopt ($ch, CURLOPT_SSLKEY, $keyfile);

            curl_setopt ($ch, CURLOPT_SSLKEYPASSWD, $keypasswd);

            $criterium = "ca.cer";

            curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, true);

            curl_setopt ($ch, CURLOPT_CAINFO, $criterium);

            curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 2);

$code = curl_exec ($ch);

$errnum=curl_errno($ch);

if($errnum != "0") {

            echo curl_errno($ch) . " - " . curl_error($ch) . "<br>";

}

            // For DEBUG :

            echo "<pre>";

print_r(curl_getinfo($ch));

print_r($code);

echo "</pre>";

I works well, except that I don't check the CRL.

If I have to do the verification in php, I would like to know how to get the
server certificate informations from the server in order to do the
verification with the CRL.

Thank you for your help.

Patrick

_______________________________________________
http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php
Received on 2006-08-28