dsfds656545 2019-04-18 20:56
浏览 184
已采纳

如何使用php curl进行相互/双向身份验证?

The website is saying "You are not authenticated with digital certificate, or possibly the connection time expired. Authenticate again with your digital certificate.".

I have gotten this message every time, so rather than connection time expiring, I think that my attempt of authenticating is just not working.

The way I am doing this is I start with just a pfx file, and a passphrase to open it. I make the pem certificate with openssl and the pfx.

Code:

<?php
$pfx_path = 'me.pfx';
$pfx_pass = 'foopass123';
$pfx_values = [];
openssl_pkcs12_read(file_get_contents($pfx_path), $pfx_values, $pfx_pass);
$cert_path = 'me.pem';
file_put_contents($cert_path, $pfx_values['cert'] . "
" . $pfx_values['pkey']);
$postfields = 'field1=val1&field2=val2&field3=val3';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL           , 'https://www.example.com');
curl_setopt($ch, CURLOPT_POST          , true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS    , $postfields);
curl_setopt($ch, CURLOPT_SSLCERT       , $cert_path);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
$curl_result = curl_exec($ch);
$curl_info = curl_getinfo($ch);
curl_close($ch);

Result of executing the code (showing just a quote of the HTML of $curl_result):

You are not authenticated with digital certificate, or possibly the connection time expired. Authenticate again with digital certificate.

By the way, $curl_info['ssl_verify_result'] is 0, which I guess means that at least the server was correctly authenticated.

EDIT: removed CURLOPT_SSLCERTPASSWD because it's not necessary, the pfx file was already open with the password, and its private and public key were put naked into $cert_path.

  • 写回答

1条回答 默认 最新

  • duankousong9637 2019-04-18 22:27
    关注

    A header was necessary to achieve successful authentication on that specific site. The missing header was Cookie: ..., that contained specific fields, like for example a session ID (which you can get by logging in the website with cURL or simply as a user through a browser, you can copy and paste the cookie generated by the server).

    You can specify the Cookie header with:

    curl_setopt($ch, CURLOPT_COOKIE,
    'foo=123;'
    . ' bar=456;'
    . ' SESSIONID=789;'
);

    And alternatively you can specify it with: 

    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Cookie: foo=123;'
    . ' bar=456;'
    . ' SESSIONID=789;'
));

    To look at this in a general way, and not as a problem limited to a specific site, notice that different sites will require different headers and cookies, as well as they may require none.

    So if you want to do mutual authentication in a given site like a user does, make sure that you are using the correct headers and cookies in case it's needed.

    Now, how to get a session ID with cURL, that depends on each site, and it's outside the scope of the question, but in general it's a matter of imitating with PHP the same operation that the user does in a browser, and it's probably done in a particular URL within the site, and not all site broad.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 metadata提取的PDF元数据,如何转换为一个Excel
  • ¥15 关于arduino编程toCharArray()函数的使用
  • ¥100 vc++混合CEF采用CLR方式编译报错
  • ¥15 coze 的插件输入飞书多维表格 app_token 后一直显示错误,如何解决?
  • ¥15 vite+vue3+plyr播放本地public文件夹下视频无法加载
  • ¥15 c#逐行读取txt文本,但是每一行里面数据之间空格数量不同
  • ¥50 如何openEuler 22.03上安装配置drbd
  • ¥20 ING91680C BLE5.3 芯片怎么实现串口收发数据
  • ¥15 无线连接树莓派,无法执行update,如何解决?(相关搜索:软件下载)
  • ¥15 Windows11, backspace, enter, space键失灵