dsfds656545 2019-04-18 20:56
浏览 184

如何使用php curl进行相互/双向身份验证?

The website is saying "You are not authenticated with digital certificate, or possibly the connection time expired. Authenticate again with your digital certificate.".

I have gotten this message every time, so rather than connection time expiring, I think that my attempt of authenticating is just not working.

The way I am doing this is I start with just a pfx file, and a passphrase to open it. I make the pem certificate with openssl and the pfx.


$pfx_path = 'me.pfx';
$pfx_pass = 'foopass123';
$pfx_values = [];
openssl_pkcs12_read(file_get_contents($pfx_path), $pfx_values, $pfx_pass);
$cert_path = 'me.pem';
file_put_contents($cert_path, $pfx_values['cert'] . "
" . $pfx_values['pkey']);
$postfields = 'field1=val1&field2=val2&field3=val3';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL           , 'https://www.example.com');
curl_setopt($ch, CURLOPT_POST          , true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS    , $postfields);
curl_setopt($ch, CURLOPT_SSLCERT       , $cert_path);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
$curl_result = curl_exec($ch);
$curl_info = curl_getinfo($ch);

Result of executing the code (showing just a quote of the HTML of $curl_result):

You are not authenticated with digital certificate, or possibly the connection time expired. Authenticate again with digital certificate.

By the way, $curl_info['ssl_verify_result'] is 0, which I guess means that at least the server was correctly authenticated.

EDIT: removed CURLOPT_SSLCERTPASSWD because it's not necessary, the pfx file was already open with the password, and its private and public key were put naked into $cert_path.

  • 写回答

1条回答 默认 最新

  • duankousong9637 2019-04-18 22:27

    A header was necessary to achieve successful authentication on that specific site. The missing header was Cookie: ..., that contained specific fields, like for example a session ID (which you can get by logging in the website with cURL or simply as a user through a browser, you can copy and paste the cookie generated by the server).

    You can specify the Cookie header with:

    curl_setopt($ch, CURLOPT_COOKIE,
        . ' bar=456;'
        . ' SESSIONID=789;'

    And alternatively you can specify it with:

    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
        'Cookie: foo=123;'
        . ' bar=456;'
        . ' SESSIONID=789;'

    To look at this in a general way, and not as a problem limited to a specific site, notice that different sites will require different headers and cookies, as well as they may require none.

    So if you want to do mutual authentication in a given site like a user does, make sure that you are using the correct headers and cookies in case it's needed.

    Now, how to get a session ID with cURL, that depends on each site, and it's outside the scope of the question, but in general it's a matter of imitating with PHP the same operation that the user does in a browser, and it's probably done in a particular URL within the site, and not all site broad.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?



  • ¥20 Html备忘录页面制作
  • ¥15 黄永刚的晶体塑性子程序中输入的材料参数里的晶体取向参数是什么形式的?
  • ¥20 数学建模来解决我这个问题
  • ¥15 计算机网络ip分片偏移量计算头部是-20还是-40呀
  • ¥15 stc15f2k60s2单片机关于流水灯,时钟,定时器,矩阵键盘等方面的综合问题
  • ¥15 YOLOv8已有一个初步的检测模型,想利用这个模型对新的图片进行自动标注,生成labellmg可以识别的数据,再手动修改。如何操作?
  • ¥30 NIRfast软件使用指导
  • ¥20 matlab仿真问题,求功率谱密度
  • ¥15 求micropython modbus-RTU 从机的代码或库?
  • ¥15 django5安装失败