CURL是PHP自带默认模块之一,它的作用在于可构建http、https等传输协议与其他服务器进行数据传输。

对于CURL的详细说明和用法,可访问 https://www.php.net/manual/zh/book.curl.php

随着安全等级要求越来越高,https已经是最常用的的安全传输协议之一了,所以需要配置CURL让其支持SSL。

1、为CURL下载CA证书

CURL所使用的证书是免费下载的,可访问https://curl.haxx.se/docs/caextract.html下载ca证书,证书为PEM格式。

下载完毕后,可将证书文件放入到PHP的安装目录下。

2、PHP启用CURL和OpenSSL扩展

在php.ini文件中,可找到如下两处扩展配置:

extension=curl
extension=openssl

将此两处扩张前的;去除,即可启用这两处扩展。

3、配置CURL和OpenSSL

在php.ini中找到CURL和OpenSSL的单独配置项,设置CA证书路径。

[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo = [CA证书文件路径]

[openssl]
; The location of a Certificate Authority (CA) file on the local filesystem
; to use when verifying the identity of SSL/TLS peers. Most users should
; not specify a value for this directive as PHP will attempt to use the
; OS-managed cert stores in its absence. If specified, this value may still
; be overridden on a per-stream basis via the "cafile" SSL stream context
; option.
openssl.cafile = [CA证书文件路径]

; If openssl.cafile is not specified or if the CA file is not found, the
; directory pointed to by openssl.capath is searched for a suitable
; certificate. This value must be a correctly hashed certificate directory.
; Most users should not specify a value for this directive as PHP will
; attempt to use the OS-managed cert stores in its absence. If specified,
; this value may still be overridden on a per-stream basis via the "capath"
; SSL stream context option.
openssl.capath = [CA证书文件夹路径]

配置完毕后,PHP即可通过CURL来进行https访问,可以进行文件下载和上传了。

发表评论