- PHP 7 Tutorial
- PHP 7 - Home
- PHP 7 - Introduction
- PHP 7 - Performance
- PHP 7 - Environment Setup
- PHP 7 - Scalar Type Declarations
- PHP 7 - Return Type Declarations
- PHP 7 - Null Coalescing Operator
- PHP 7 - Spaceship Operator
- PHP 7 - Constant Arrays
- PHP 7 - Anonymous Classes
- PHP 7 - Closure::call()
- PHP 7 - Filtered unserialize()
- PHP 7 - IntlChar
- PHP 7 - CSPRNG
- PHP 7 - Expectations
- PHP 7 - use Statement
- PHP 7 - Error Handling
- PHP 7 - Integer Division
- PHP 7 - Session Options
- PHP 7 - Deprecated Features
- PHP 7 - Removed Extensions & SAPIs
- PHP 7 Useful Resources
- PHP 7 - Quick Guide
- PHP 7 - Useful Resources
- PHP 7 - Discussion
PHP SSL context options
Introduction
List of Context options for ssl:// and tls:// transports.
| peer_name | Peer name to be used. If this value is not set, then the name is guessed based on the hostname used when opening the stream. |
|---|---|
| verify_peer | Require verification of SSL certificate used. Defaults to TRUE. |
| verify_peer_name | Require verification of peer name. Defaults to TRUE. |
| allow_self_signed | Allow self-signed certificates. Requires verify_peer. Defaults to FALSE |
| cafile | Location of Certificate Authority file on local filesystem to be used to authenticate identity of remote peer. |
| capath | must be a correctly hashed certificate directory. |
| local_cert | Path to local certificate file on filesystem. |
| local_pk | Path to local private key file on filesystem in case of separate files for certificate and private key. |
| passphrase | Passphrase with which your local_cert file was encoded. |
| CN_match | Common Name we are expecting. If the Common Name does not match, connection attempt will fail. |
| verify_depth | Abort if the certificate chain is too deep. |
| ciphers | Sets the list of available ciphers. The format of the string is described in » ciphers(1). |
| capture_peer_cert | If set to TRUE a peer_certificate context option will be created containing the peer certificate. |
| capture_peer_cert_chain | If set to TRUE a peer_certificate_chain context option will be created containing the certificate chain. |
| SNI_enabled | If set to TRUE server name indication will be enabled. |
| SNI_server_name | If set, this value will be used as server name for server name indication. Otherwise server name is guessed based on the hostname used |
| disable_compression | If set, disable TLS compression. |
| peer_fingerprint | Aborts when the remote certificate digest doesn't match the specified hash. |
| security_level | Sets the security level. If not specified,default security level is used. Available as of PHP 7.2.0 and OpenSSL 1.1.0. |
Example
This example shows SSL context settings.
$stream_context = stream_context_create([ 'ssl' => [
'local_cert' => '/path/to/key.pem',
'peer_fingerprint' => openssl_x509_fingerprint(file_get_contents('/path/to/key.crt')),
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true,
'verify_depth' => 0 ]]);
- Related Articles
- PHP FTP context options
- PHP HTTP context options
- PHP MongoDB context options
- PHP Phar context options
- PHP Socket context options
- PHP Zip context options
- CURL context options in PHP
- PHP Context Parameters
- HTML5 Geolocation without SSL connection
- Difference between IPSec and SSL
- Difference between Kerberos and SSL
- What are the SSL Certificates?
- Python Context Variables
- Perl Variable Context
- nginx ssl certificate installation in linux
Advertisements