本文介绍了在 PHP SoapClient 中禁用证书验证的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

总结:
有没有办法强制 PHP 中的内置 SoapClient 类通过 HTTPS 连接到证书无效的服务器?

Summary:
Is there a way to force the built in SoapClient-class in PHP to connect over HTTPS to a server with an invalid certificate?

我为什么要这样做?
我在没有 DNS 条目或证书的服务器上部署了一个新应用程序.我想在设置 DNS 条目和修复证书之前尝试使用 SoapClient 连接到它,而最合理的方法似乎是让客户端在测试期间忽略证书.

Why would I want to do that?
I have deployed a new application on a server that has no DNS entry or certificate yet. I want to try connecting to it with a SoapClient before setting up the DNS entry and fixing the certificate, and the most reasonable way to do this seems to be to just make the client ignore the certificate during testing.

难道我没有意识到这是一个巨大的安全风险吗?
这仅用于测试.当服务投入生产时,将有一个有效的证书,并且客户端将被迫对其进行验证.

Don't I realise that this is a huge security risk?
This is only for testing. When the service goes into production, there will be a valid certificate in place, and the client will be forced to validate it.

推荐答案

SoapClient 需要一个 其参数中的流上下文,您可以自己创建.这样你就可以控制传输层的几乎所有方面:

SoapClient takes a stream context in its parameters, which you can create yourself. That way you can control almost every aspect of the transport layer:

$context = stream_context_create([
    'ssl' => [
        // set some SSL/TLS specific options
        'verify_peer' => false,
        'verify_peer_name' => false,
        'allow_self_signed' => true
    ]
]);

$client  = new SoapClient(null, [
    'location' => 'https://...',
    'uri' => '...',
    'stream_context' => $context
]);

文档:

这篇关于在 PHP SoapClient 中禁用证书验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-24 15:21
查看更多