CN_match 弃用 peer_name
CN_match deprecated in favor of peer_name
我正在尝试通过 SSL 从一台服务器向 PHP 中的另一台服务器发送 POST 请求。当我在我的上下文选项中使用 CN_match 时它工作正常。但是我在错误日志中收到一条弃用消息:
PHP Deprecated: the 'CN_match' SSL context option is deprecated in favor of 'peer_name'
问题是,如果我按照建议将 CN_match 更改为 peer_name,请求将完全失败并显示以下消息:
failed to open stream: HTTP request failed! HTTP/1.1 400 Bad Request.
对 peer_name 使用无效值会导致预期错误:
Peer certificate CN='localhost' did not match expected CN='test'
很明显,当我指定 'localhost' 时它匹配正确。我是否缺少使用 peer_name 而不是 CN_match 时所需的其他一些配置?
使用 MAMP,PHP5.6.27
$userdata = array(
'action' => 'add-user',
'name' => $name,
'email' => $email,
'username' => $username,
'password' => $password);
// use key 'http' even if you send the request to https://...
$options = array(
'http' => array(
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'content' => http_build_query($userdata)
),
'ssl' => array(
'verify_peer' => true,
'cafile' => /path/to/file.pem,
'verify_depth' => 5,
'allow_self_signed' => true,
'peer_name' => 'localhost'
)
);
$context = stream_context_create($options);
$data = file_get_contents('https://localhost/add-user.php', false, $context);
使用 curl 是我能找到的唯一解决方案:
$url = 'https://some.domain.com/file.php';
$pem_file = '/absolute/path/to/certificate.pem';
$userdata = array(
'action' => 'add-user',
'name' => $name,
'email' => $email,
'username' => $username,
'password' => $password);
$curl_req = curl_init();
curl_setopt($curl_req, CURLOPT_URL, $url);
curl_setopt($curl_req, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_req, CURLOPT_POST, true);
curl_setopt($curl_req, CURLOPT_HTTPHEADER, array('Content-type: application/x-www-form-urlencoded'));
curl_setopt($curl_req, CURLOPT_POSTFIELDS, http_build_query($userdata));
curl_setopt($curl_req, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($curl_req, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl_req, CURLOPT_CAINFO, $pem_file);
$response = curl_exec($curl_req);
curl_close($curl_req);
此外,我花了一段时间才弄清楚如何构建 certificate.pem 文件。您需要堆叠证书,从您的特定证书开始,通过任何中间证书进行,并以 CA 证书结束:
-----BEGIN CERTIFICATE-----
<your site certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<intermediate certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<CA certificate>
-----END CERTIFICATE-----
我正在尝试通过 SSL 从一台服务器向 PHP 中的另一台服务器发送 POST 请求。当我在我的上下文选项中使用 CN_match 时它工作正常。但是我在错误日志中收到一条弃用消息:
PHP Deprecated: the 'CN_match' SSL context option is deprecated in favor of 'peer_name'
问题是,如果我按照建议将 CN_match 更改为 peer_name,请求将完全失败并显示以下消息:
failed to open stream: HTTP request failed! HTTP/1.1 400 Bad Request.
对 peer_name 使用无效值会导致预期错误:
Peer certificate CN='localhost' did not match expected CN='test'
很明显,当我指定 'localhost' 时它匹配正确。我是否缺少使用 peer_name 而不是 CN_match 时所需的其他一些配置?
使用 MAMP,PHP5.6.27
$userdata = array(
'action' => 'add-user',
'name' => $name,
'email' => $email,
'username' => $username,
'password' => $password);
// use key 'http' even if you send the request to https://...
$options = array(
'http' => array(
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'content' => http_build_query($userdata)
),
'ssl' => array(
'verify_peer' => true,
'cafile' => /path/to/file.pem,
'verify_depth' => 5,
'allow_self_signed' => true,
'peer_name' => 'localhost'
)
);
$context = stream_context_create($options);
$data = file_get_contents('https://localhost/add-user.php', false, $context);
使用 curl 是我能找到的唯一解决方案:
$url = 'https://some.domain.com/file.php';
$pem_file = '/absolute/path/to/certificate.pem';
$userdata = array(
'action' => 'add-user',
'name' => $name,
'email' => $email,
'username' => $username,
'password' => $password);
$curl_req = curl_init();
curl_setopt($curl_req, CURLOPT_URL, $url);
curl_setopt($curl_req, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_req, CURLOPT_POST, true);
curl_setopt($curl_req, CURLOPT_HTTPHEADER, array('Content-type: application/x-www-form-urlencoded'));
curl_setopt($curl_req, CURLOPT_POSTFIELDS, http_build_query($userdata));
curl_setopt($curl_req, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($curl_req, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl_req, CURLOPT_CAINFO, $pem_file);
$response = curl_exec($curl_req);
curl_close($curl_req);
此外,我花了一段时间才弄清楚如何构建 certificate.pem 文件。您需要堆叠证书,从您的特定证书开始,通过任何中间证书进行,并以 CA 证书结束:
-----BEGIN CERTIFICATE-----
<your site certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<intermediate certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<CA certificate>
-----END CERTIFICATE-----