使用 tls 时如何让 fsockopen 忽略证书
[英]How to make fsockopen to ignore certificates when using tls
问题描述
In PHP7.0, when using fsockopen to connect to open a https connection (hosted in same host), using a host name like tls://foo.localhost , I am getting an error that looks like
在 PHP7.0 中,当使用 fsockopen 连接打开一个 https 连接(托管在同一主机中)时,使用像tls://foo.localhost这样的主机名,我收到一个错误,看起来像
fsockopen(): Peer certificate CN="bar" did not match expected CN="foo.localhost"
Connection is not opened.连接未打开。
Same code worked in PHP 5.5 (that is less strict checking vertificates).相同的代码在 PHP 5.5 中工作(即不那么严格的检查验证)。 I do not really care about verifying certificates (this code runs in a unit test and integration suite, connecting only to localhost).我并不真正关心验证证书(此代码在单元测试和集成套件中运行,仅连接到本地主机)。 Tests need to be run against http and https, though.不过,测试需要针对 http 和 https 运行。
I know how to disable those checks when using file_get_contents .我知道如何在使用file_get_contents时禁用这些检查。
How can I disable the peer certificate verification when using fsockopen?使用 fsockopen 时如何禁用对等证书验证?
1 个解决方案
解决方案1
8 已采纳 2017-05-05 09:13:47
fsockopen don't provide method to ignore peer certificate errors. fsockopen不提供忽略对等证书错误的方法。
You have to use stream_socket_client with context .您必须将stream_socket_client与context一起使用。 Available ssl/tls context options are available here .可用的 ssl/tls 上下文选项在此处可用。
Example of opening socket without peer verification没有对等验证打开套接字的示例
$context = stream_context_create([
'ssl' => [
'verify_peer' => false,
'verify_peer_name' => false
]
]);
$hostname = "tls://foo.localhost:8123";
$socket = stream_socket_client($hostname, $errno, $errstr, ini_get("default_socket_timeout"), STREAM_CLIENT_CONNECT, $context);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.