curl-and-php

Verify remote server certificate including CRL

From: Informatique <informatique_at_forsup.com>
Date: Wed, 30 Aug 2006 13:15:44 +0200

Hello,

I use curl to talk to an HTTPS server, and I would like to know how to fully
verify the certificate, I mean including CRL.
Is it possible with curl? Or do I have to do this in PHP?

Here is my PHP code:
<?php
$url = "https://www.verisign.fr/";
$ch = curl_init($url);
if (!$ch) {
    die("Connexion CURL impossible");
}
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$user_agent = "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)";
curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);

// Client certificate and private key presented to the server
$certfile = "test.crt";
$certpasswd = "123456";
curl_setopt($ch, CURLOPT_SSLCERT, $certfile);
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $certpasswd);
$keyfile = "test.pem";
$keypasswd = "123456";
curl_setopt($ch, CURLOPT_SSLKEY, $keyfile);
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $keypasswd);

// Verify the server certificate chain against the CA file
// and check that the certificate matches the host name
$criterium = "ca.cer";
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_CAINFO, $criterium);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

$code = curl_exec($ch);

$errnum = curl_errno($ch);
if ($errnum != 0) {
    echo curl_errno($ch) . " - " . curl_error($ch) . "<br>";
}
// For DEBUG:
echo "<pre>";
print_r(curl_getinfo($ch));
print_r($code);
echo "</pre>";

It works well, except that I don't check the CRL. Is there any way using cURL?
If I have to do the verification in PHP, I would like to know how to get the
server certificate information from the server in order to do the
verification with the CRL.

Thank you for your help.

Patrick

Received on 2006-08-30