PHP CURL & HTTPS

2022-08-30 08:16:28

我发现这个功能可以做得很好(恕我直言):http://nadeausoftware.com/articles/2007/06/php_tip_how_get_web_page_using_curl

/**
 * Get a web file (HTML, XHTML, XML, image, etc.) from a URL.  Return an
 * array containing the HTTP server response header fields and content.
 */
function get_web_page( $url )
{
    $options = array(
        CURLOPT_RETURNTRANSFER => true,     // return web page
        CURLOPT_HEADER         => false,    // don't return headers
        CURLOPT_FOLLOWLOCATION => true,     // follow redirects
        CURLOPT_ENCODING       => "",       // handle all encodings
        CURLOPT_USERAGENT      => "spider", // who am i
        CURLOPT_AUTOREFERER    => true,     // set referer on redirect
        CURLOPT_CONNECTTIMEOUT => 120,      // timeout on connect
        CURLOPT_TIMEOUT        => 120,      // timeout on response
        CURLOPT_MAXREDIRS      => 10,       // stop after 10 redirects
    );

    $ch      = curl_init( $url );
    curl_setopt_array( $ch, $options );
    $content = curl_exec( $ch );
    $err     = curl_errno( $ch );
    $errmsg  = curl_error( $ch );
    $header  = curl_getinfo( $ch );
    curl_close( $ch );

    $header['errno']   = $err;
    $header['errmsg']  = $errmsg;
    $header['content'] = $content;
    return $header;
}

我唯一的问题是它不适用于 https://。Anny认为我需要做些什么才能使它适用于https?谢谢!


答案 1

快速修复,将其添加到您的选项中:

curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false)

现在,您不知道实际连接到的主机,因为 cURL 不会以任何方式验证证书。希望你喜欢中间人攻击

或者只是将其添加到当前函数中:

/**
 * Get a web file (HTML, XHTML, XML, image, etc.) from a URL.  Return an
 * array containing the HTTP server response header fields and content.
 */
function get_web_page( $url )
{
    $options = array(
        CURLOPT_RETURNTRANSFER => true,     // return web page
        CURLOPT_HEADER         => false,    // don't return headers
        CURLOPT_FOLLOWLOCATION => true,     // follow redirects
        CURLOPT_ENCODING       => "",       // handle all encodings
        CURLOPT_USERAGENT      => "spider", // who am i
        CURLOPT_AUTOREFERER    => true,     // set referer on redirect
        CURLOPT_CONNECTTIMEOUT => 120,      // timeout on connect
        CURLOPT_TIMEOUT        => 120,      // timeout on response
        CURLOPT_MAXREDIRS      => 10,       // stop after 10 redirects
        CURLOPT_SSL_VERIFYPEER => false     // Disabled SSL Cert checks
    );

    $ch      = curl_init( $url );
    curl_setopt_array( $ch, $options );
    $content = curl_exec( $ch );
    $err     = curl_errno( $ch );
    $errmsg  = curl_error( $ch );
    $header  = curl_getinfo( $ch );
    curl_close( $ch );

    $header['errno']   = $err;
    $header['errmsg']  = $errmsg;
    $header['content'] = $content;
    return $header;
}

答案 2

我试图使用CURL用php做一些https API调用,并遇到了这个问题。我注意到php网站上的一个建议,它让我启动并运行:http://php.net/manual/en/function.curl-setopt.php#110457

请大家停止将CURLOPT_SSL_VERIFYPEER设置为 false 或 0。如果您的 PHP 安装没有最新的 CA 根证书捆绑包,请在 curl 网站上下载该捆绑包并将其保存在服务器上:

http://curl.haxx.se/docs/caextract.html

然后在php.ini文件中设置它的路径,例如在Windows上:

curl.cainfo=c:\php\cacert.pem

关闭CURLOPT_SSL_VERIFYPEER允许中间人(MITM)攻击,这是你不想要的!


推荐