raol ha scritto:
Kevin Mendel wrote:
(1)
It seems like verification of the server certificate is off by default. Is
this correct?
I cannot find any way to disable it or enable it or check it. Can the
"verify peer"
option be enabled? Can the option be queried?
I see documentation for settings at the CURL or even the SSL level. But I
am
using the SoapClient, so it's no help. (Or is it?)
These questions would be very interesting for me too.
I dont't think that the verification of the server-certificate is off by
default.
If I want to connect a soapClient to a https-webservice without further
authentication and verification, the soapClient complains that it cannot
establish a ssl-connection (openssl and curl are enabled). So I think it
doesn't accept the server-certificate by default. But I use an untrusted
server-certificate, maybe that's a difference.
the only way that i know is to create a valid certificate, no problem if
it's selfsigned, but it must be valid for the called host.
Webservices are like ordinary webClients ( browsers ) they prevent , in
this case via openssl , to accept a certificate that doesn't fit the
basic security policy.
This is my experience , if someone got more infos , i'll be happy to go
in deep with this :)
--
PHP Soap Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
