'PHP - CURL using HTTPS [closed]
I am trying to get Json Data from a https url.
I have tested and working code to do just this for http but I am yet to find a working version for https. This needs to be secure code.
This is my http version that works:
<?php
$key = "admin"; //user
$secret = "admin"; //pass
$api_ep = "http://$Hostname:$Port/$address";
if ($key && $secret){
$curl_opts = array(
CURLOPT_HTTPHEADER=>array("Accept: application/json"),
CURLOPT_VERBOSE=>false,
CURLOPT_HEADER=>false,
CURLOPT_POST=>false,
CURLOPT_RETURNTRANSFER=>true,
CURLOPT_HTTPAUTH=>CURLAUTH_DIGEST,
CURLOPT_USERPWD=>$key.":".$secret,
CURLOPT_URL=> $api_ep
);
}
function disp($opts,$var){
$ch = curl_init();
curl_setopt_array($ch, $opts);
$raw_resp = curl_exec($ch);
// $array_resp = json_decode($raw_resp);
//print_r($array_resp);
print_r($raw_resp);
curl_close($ch);
//$array = json_decode($raw_resp, true);
//print_r($array_resp);
//disp_table($array_resp, $var);
}
disp($curl_opts,$Type);
?>
Solution 1:[1]
If you don't have any sensitive data you can try setting CURLOPT_SSL_VERIFYPEER to FALSE
Else you will have to verify the certificate.
Since Curl doesn't have built-in root certificates. You need to explicitly point it to a cacert.pem file:
curl_setopt($ch, CURLOPT_CAINFO, '/path/to/cert/file/cacert.pem');
Without this, curl cannot verify the certificate sent back via ssl. This same root certificate file can be used every time you use SSL in curl.
You can get the cacert.pem file here: http://curl.haxx.se/docs/caextract.html
Note:
Setting CURLOPT_SSL_VERIFYPEER to false allows for man-in-the-middle-attacks. rmckay at webaware dot com dot au warns for this on nl3.php.net/manual/en/function.curl-setopt.php and gives an alternative solution that works: downloading a CA root certificate bundle at the curl website and saving it on your server. See at the given site, scroll down to the user comments
Solution 2:[2]
This code below works for https.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $basicAuthUrl);
$header = array();
$header[] = 'Content-length: 29';
$header[] = 'Content-type: application/x-www-form-urlencoded;charset=UTF-8';
$header[] = 'Authorization: Basic ' . $keyAndSecretEncoded;
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=client_credentials");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
$result = curl_exec($ch);
curl_close($ch);
Solution 3:[3]
Add the following to disable SSL verification.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
Curl SSL fails to verify self signed certificates and hence, you will not be able to connect with https hosts if they are using self signed certificates.
function disp($opts,$var){
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt_array($ch, $opts);
$raw_resp = curl_exec($ch);
print_r($raw_resp);
curl_close($ch);
}
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | |
| Solution 2 | rameshpa |
| Solution 3 | Atul Sharma |