Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This page

Table of Contents

Join the project

Jump to the project tracker to join this project - or report bugs!

Source code can be viewed at https://bitbucket.tornevall.net/projects/LIB/repos/tornelib-php/browse/classes/tornevall_network.php

...

PHP-cURL

...

simplifier library

The network- and cURL class is an independent class library that handles network related things. The cURL library especially, has special features, like parsing data received from the body. For example, calling an URL that returns json strings, you'll get an object back that you could handle immediately, instead of parsing the data yourself.

...

$Response = $CURL->doGet("https://test.com/requestService?wsdl", \TorneLIB\CURL_POST_AS::POST_AS_SOAP);

SSL Certificates and

...

Primary usage: WSDL calls.

verification

The cUrl library has it's own method to find out if there are missing SSL certificates during https-calls. Normally, this is not a very big issue, since standard linux installations are smart enough to store bundles, pems and crt-files in standard locations (/etc/ssl/certs for example). This is however not always the case. If the storage is located elsewhere, https-calls may sometimes fail. By using $CURL→sslPemLocations, you can replace the current standard paths and let the library look for them where you believe they should be instead, since this can not be set on fly through ini_set. This whole operation may be tested through the call TestCerts(), that runs an internal function openssl_guess(). This function is always called from the primary constructor, to make sure the certificates can be located as early as possible and it a certificate file are found in the inital run, it does not have to be runned again. Later on, when using the primary GET/POST/etc-calls the certificate bundle will be used in the stream_context-handler to make sure the https gets handled properly.

...

Code Block
languagephp
titlesslPemLocations
require_once("tornevall_network.php");
$CURL = new \TorneLIB\Tornevall_cURL();
$CURL->sslPemLocations = array('/home/users/myTestUserName/certs/sslBundles.pem');
$CURL->doGet("https://my-test-url.com");

Peer and host verification

Since version 5.0.0-20170210 the peer and host verification has been hardened, so if a system runs an insecure configuration (where SSL certificate bundles are missing), disabling the peer/host verification must actively be done at initialization of the library, as in the example below. However, if your system contains SSL certificates, but located somewhere else than in a default location, this could be configured by the above example with sslPemLocations.

However, from PHP 5.6.0 this should normally not be necessary, since openssl_get_cert_locations() should normally take care of this, through the local function of the library - openssl_guess().

Code Block
languagephp
titleDisable peer verification example
require_once("tornevall_network.php");
$CURL = new \TorneLIB\Tornevall_cURL();
$CURL->setSslUnverified(true);
$CURL->doGet("https://my-test-url.com");