php - How do I keep my cacert.pem current for security reasons when using curl?
How do I keep my root certificates current when using curl? With PHP's internal curl command there is no parameter to download the current file, which requires a proper secure connection to keep current.

An example of using curl in PHP over a secure connection, which requires a file named cacert.pem (the PEM-encoded certificate chain used to validate remote connections), follows:
```php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.google.com");
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 15);
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);           // verify the server's certificate chain
curl_setopt($ch, CURLOPT_CAINFO, "pathto/cacert.pem");  // against this local CA bundle
curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); // force TLS 1.2
if (!($data = curl_exec($ch))) {
    echo "no data received";
} else {
    echo strlen($data) . " total byte(s)"; // concatenation is '.', not '+'
}
curl_close($ch);
```
While people set CURLOPT_SSL_VERIFYPEER to false, this ignores the problem, which is bad. As you can see here, the certificate authority shows that if you do not have the file current, the only way to connect to a secure server is to disable certificate checking, and further warns of the implications behind disabling peer verification.

What I am requesting is a legitimate way to maintain a local copy of cacert.pem when using curl in PHP to communicate with other servers, so that I can continue to do so securely.

This is not a request for an external resource or off-site link etc.; due to the nature of the problem, the only way to resolve it may require continuous updating as certificate chains are revoked. To date, there is no way to obtain this file either as part of the distribution of curl itself, or of PHP, or of the curl library for PHP, and to continue to maintain it. While discouraging, something as simple as an update command like `curl --update-root-ca` would be nice, but it does not exist in any form.
Since writing this article (and its rewrite), I was able to resolve my own problem, including links directly to the only legitimate source for maintaining this file, provided on the site maintained by the author of curl at this location.

Further, as technology is advancing, the question has been updated to show how to use curl in PHP and force a TLS v1.2 connection (something transaction providers require or recommend, but may not supply information on how to do).
Regarding certificate authorities, there are a few key root authorities such as:

- Symantec
- RapidSSL
- Thawte
- GeoTrust
- Comodo

as well as other authorities by nature, such as:

- Microsoft
- Mozilla

which you can use as a frame when looking to maintain your own cacert.pem. Keep in mind you will need to download the revocation lists (certificates that have been breached or expired) from the respective CRLs to maintain a proper trust mechanism, while you should be able to get away with downloading the root certificate chains and using the local authoritative file cacert.pem.
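As an added example (not code from the question or from the curl project), here is a PHP updater for the approach described above: it fetches the bundle the curl author publishes, bootstraps trust from the copy already on disk, checks the download against the published SHA-256 digest, sanity-checks the PEM contents, and swaps the file in atomically. The URLs https://curl.se/ca/cacert.pem and https://curl.se/ca/cacert.pem.sha256 are assumptions, as is the presence of the curl and openssl PHP extensions.

```php
<?php
// Added example, not from the question. Assumed URLs: curl.se/ca/cacert.pem and its .sha256 companion.
const BUNDLE_URL = 'https://curl.se/ca/cacert.pem';
const SHA_URL    = 'https://curl.se/ca/cacert.pem.sha256';
// Fetch $url over TLS 1.2+, verifying the server against the bundle we already trust.
function fetchVerified(string $url, string $caFile): string {
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,   // never follow a redirect to another host
        CURLOPT_CONNECTTIMEOUT => 15,
        CURLOPT_TIMEOUT        => 60,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_CAINFO         => $caFile, // bootstrap trust from the current bundle
        CURLOPT_SSLVERSION     => CURL_SSLVERSION_TLSv1_2,
    ]);
    $body = curl_exec($ch);
    $code = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    if ($body === false || $code !== 200) {
        throw new RuntimeException("fetch of $url failed: HTTP $code " . curl_error($ch));
    }
    curl_close($ch);
    return $body;
}
// Sanity-check: every block parses as X.509 and at least one root is currently valid.
function bundleLooksValid(string $pem): bool {
    preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s', $pem, $m);
    if (count($m[0]) < 50) return false;  // a real root store carries well over 100 roots
    $now = time(); $live = 0;
    foreach ($m[0] as $cert) {
        $info = openssl_x509_parse($cert);
        if ($info === false) return false;
        if ($info['validFrom_time_t'] <= $now && $now < $info['validTo_time_t']) $live++;
    }
    return $live > 0;
}
// Download, check the published SHA-256, sanity-check, then swap in atomically.
function updateBundle(string $caFile): bool {
    $pem      = fetchVerified(BUNDLE_URL, $caFile);
    $expected = strtolower(trim(explode(' ', fetchVerified(SHA_URL, $caFile))[0]));
    if (!hash_equals($expected, hash('sha256', $pem))) throw new RuntimeException('digest mismatch');
    if (!bundleLooksValid($pem)) throw new RuntimeException('bundle failed sanity checks');
    if (hash_file('sha256', $caFile) === $expected) return false; // already current
    $tmp = $caFile . '.tmp';
    file_put_contents($tmp, $pem, LOCK_EX);
    return rename($tmp, $caFile); // readers never observe a half-written file
}
echo updateBundle(__DIR__ . '/cacert.pem') ? "cacert.pem updated\n" : "cacert.pem already current\n";
```

Run it from a scheduler; the first copy of cacert.pem must be seeded out of band (for instance from the operating system's trust store), because the script relies on the existing file to authenticate the download.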