Data Structure
Networking
RDBMS
Operating System
Java
MS Excel
iOS
HTML
CSS
Android
Python
C Programming
C++
C#
MongoDB
MySQL
Javascript
PHP
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
PHP SSL context options
Introduction
List of Context options for ssl:// and tls:// transports.
| peer_name | Peer name to be used. If this value is not set, then the name is guessed based on the hostname used when opening the stream. |
|---|---|
| verify_peer | Require verification of SSL certificate used. Defaults to TRUE. |
| verify_peer_name | Require verification of peer name. Defaults to TRUE. |
| allow_self_signed | Allow self-signed certificates. Requires verify_peer. Defaults to FALSE |
| cafile | Location of Certificate Authority file on local filesystem to be used to authenticate identity of remote peer. |
| capath | must be a correctly hashed certificate directory. |
| local_cert | Path to local certificate file on filesystem. |
| local_pk | Path to local private key file on filesystem in case of separate files for certificate and private key. |
| passphrase | Passphrase with which your local_cert file was encoded. |
| CN_match | Common Name we are expecting. If the Common Name does not match, connection attempt will fail. |
| verify_depth | Abort if the certificate chain is too deep. |
| ciphers | Sets the list of available ciphers. The format of the string is described in » ciphers(1). |
| capture_peer_cert | If set to TRUE a peer_certificate context option will be created containing the peer certificate. |
| capture_peer_cert_chain | If set to TRUE a peer_certificate_chain context option will be created containing the certificate chain. |
| SNI_enabled | If set to TRUE server name indication will be enabled. |
| SNI_server_name | If set, this value will be used as server name for server name indication. Otherwise server name is guessed based on the hostname used |
| disable_compression | If set, disable TLS compression. |
| peer_fingerprint | Aborts when the remote certificate digest doesn't match the specified hash. |
| security_level | Sets the security level. If not specified,default security level is used. Available as of PHP 7.2.0 and OpenSSL 1.1.0. |
Example
This example shows SSL context settings.
$stream_context = stream_context_create([ 'ssl' => [
'local_cert' => '/path/to/key.pem',
'peer_fingerprint' => openssl_x509_fingerprint(file_get_contents('/path/to/key.crt')),
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true,
'verify_depth' => 0 ]]);
Updated on: 2020-09-21T11:13:40+05:30
1K+ Views
Advertisements