dsfds656545 2019-04-18 20:56
浏览 184
已采纳

如何使用php curl进行相互/双向身份验证?

The website is saying "You are not authenticated with digital certificate, or possibly the connection time expired. Authenticate again with your digital certificate.".

I have gotten this message every time, so rather than connection time expiring, I think that my attempt of authenticating is just not working.

The way I am doing this is I start with just a pfx file, and a passphrase to open it. I make the pem certificate with openssl and the pfx.

Code:

<?php
$pfx_path = 'me.pfx';
$pfx_pass = 'foopass123';
$pfx_values = [];
openssl_pkcs12_read(file_get_contents($pfx_path), $pfx_values, $pfx_pass);
$cert_path = 'me.pem';
file_put_contents($cert_path, $pfx_values['cert'] . "
" . $pfx_values['pkey']);
$postfields = 'field1=val1&field2=val2&field3=val3';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL           , 'https://www.example.com');
curl_setopt($ch, CURLOPT_POST          , true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS    , $postfields);
curl_setopt($ch, CURLOPT_SSLCERT       , $cert_path);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
$curl_result = curl_exec($ch);
$curl_info = curl_getinfo($ch);
curl_close($ch);

Result of executing the code (showing just a quote of the HTML of $curl_result):

You are not authenticated with digital certificate, or possibly the connection time expired. Authenticate again with digital certificate.

By the way, $curl_info['ssl_verify_result'] is 0, which I guess means that at least the server was correctly authenticated.

EDIT: removed CURLOPT_SSLCERTPASSWD because it's not necessary, the pfx file was already open with the password, and its private and public key were put naked into $cert_path.

  • 写回答

1条回答 默认 最新

  • duankousong9637 2019-04-18 22:27
    关注

    A header was necessary to achieve successful authentication on that specific site. The missing header was Cookie: ..., that contained specific fields, like for example a session ID (which you can get by logging in the website with cURL or simply as a user through a browser, you can copy and paste the cookie generated by the server).

    You can specify the Cookie header with:

    curl_setopt($ch, CURLOPT_COOKIE,
    'foo=123;'
    . ' bar=456;'
    . ' SESSIONID=789;'
);

    And alternatively you can specify it with: 

    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Cookie: foo=123;'
    . ' bar=456;'
    . ' SESSIONID=789;'
));

    To look at this in a general way, and not as a problem limited to a specific site, notice that different sites will require different headers and cookies, as well as they may require none.

    So if you want to do mutual authentication in a given site like a user does, make sure that you are using the correct headers and cookies in case it's needed.

    Now, how to get a session ID with cURL, that depends on each site, and it's outside the scope of the question, but in general it's a matter of imitating with PHP the same operation that the user does in a browser, and it's probably done in a particular URL within the site, and not all site broad.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥30 这是哪个作者做的宝宝起名网站
  • ¥60 版本过低apk如何修改可以兼容新的安卓系统
  • ¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
  • ¥50 有数据,怎么建立模型求影响全要素生产率的因素
  • ¥50 有数据,怎么用matlab求全要素生产率
  • ¥15 TI的insta-spin例程
  • ¥15 完成下列问题完成下列问题
  • ¥15 C#算法问题, 不知道怎么处理这个数据的转换
  • ¥15 YoloV5 第三方库的版本对照问题
  • ¥15 请完成下列相关问题!