mirror of
https://github.com/sigmasternchen/php-doc-en
synced 2025-03-16 00:48:54 +00:00
3af1948549
capture_peer_cert_chain/peer_certificate_chain git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@257377 c90b9560-bf6c-de11-be94-00142212c4b1
264 lines
9.1 KiB
XML
264 lines
9.1 KiB
XML
<?xml version="1.0" encoding="iso-8859-1"?>
|
|
<!-- $Revision: 1.16 $ -->
|
|
<appendix xml:id="transports" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
|
|
<title>List of Supported Socket Transports</title>
|
|
<para>
|
|
The following is a list of the various URL style socket transports
|
|
that PHP has built-in for use with the streams based socket
|
|
functions such as <function>fsockopen</function>, and
|
|
<function>stream_socket_client</function>. These transports do
|
|
<emphasis>not</emphasis> apply to the
|
|
<link linkend="ref.sockets">Sockets Extension</link>.
|
|
</para>
|
|
|
|
<para>
|
|
For a list of transports installed in your version of
|
|
PHP use <function>stream_get_transports</function>.
|
|
</para>
|
|
|
|
<section xml:id="transports.inet">
|
|
<title>Internet Domain: TCP, UDP, SSL, and TLS</title>
|
|
<simpara>
|
|
PHP 4, PHP 5, PHP 6.
|
|
<literal>ssl://</literal> & <literal>tls://</literal> since PHP 4.3.0
|
|
<literal>sslv2://</literal> & <literal>sslv3://</literal> since PHP 5.0.2
|
|
</simpara>
|
|
|
|
<note>
|
|
<simpara>
|
|
If no transport is specified, <literal>tcp://</literal> will be assumed.
|
|
</simpara>
|
|
</note>
|
|
|
|
<itemizedlist>
|
|
<listitem><simpara><literal>127.0.0.1</literal></simpara></listitem>
|
|
<listitem><simpara><literal>fe80::1</literal></simpara></listitem>
|
|
<listitem><simpara><literal>www.example.com</literal></simpara></listitem>
|
|
<listitem><simpara><literal>tcp://127.0.0.1</literal></simpara></listitem>
|
|
<listitem><simpara><literal>tcp://fe80::1</literal></simpara></listitem>
|
|
<listitem><simpara><literal>tcp://www.example.com</literal></simpara></listitem>
|
|
<listitem><simpara><literal>udp://www.example.com</literal></simpara></listitem>
|
|
<listitem><simpara><literal>ssl://www.example.com</literal></simpara></listitem>
|
|
<listitem><simpara><literal>sslv2://www.example.com</literal></simpara></listitem>
|
|
<listitem><simpara><literal>sslv3://www.example.com</literal></simpara></listitem>
|
|
<listitem><simpara><literal>tls://www.example.com</literal></simpara></listitem>
|
|
</itemizedlist>
|
|
|
|
<simpara>
|
|
Internet Domain sockets expect a port number in addition
|
|
to a target address. In the case of <function>fsockopen</function>
|
|
this is specified in a second parameter and therefore does
|
|
not impact the formatting of transport URL. With
|
|
<function>stream_socket_client</function> and related functions
|
|
as with traditional URLs however, the port number is specified
|
|
as a suffix of the transport URL delimited by a colon.
|
|
</simpara>
|
|
|
|
<itemizedlist>
|
|
<listitem><simpara><literal>tcp://127.0.0.1:80</literal></simpara></listitem>
|
|
<listitem><simpara><literal>tcp://[fe80::1]:80</literal></simpara></listitem>
|
|
<listitem><simpara><literal>tcp://www.example.com:80</literal></simpara></listitem>
|
|
</itemizedlist>
|
|
|
|
<note>
|
|
<title>IPv6 numeric addresses with port numbers</title>
|
|
<simpara>
|
|
In the second example above, while the IPv4 and hostname
|
|
examples are left untouched apart from the addition of
|
|
their colon and portnumber, the IPv6 address is wrapped in
|
|
square brackets: <literal>[fe80::1]</literal>. This is to
|
|
distinguish between the colons used in an IPv6 address and
|
|
the colon used to delimit the portnumber.
|
|
</simpara>
|
|
</note>
|
|
|
|
<simpara>
|
|
The <literal>ssl://</literal> and <literal>tls://</literal> transports
|
|
(available only when openssl support is compiled into PHP) are extensions
|
|
of the <literal>tcp://</literal> transport which include SSL encryption.
|
|
Since PHP 4.3.0 OpenSSL support must be statically
|
|
compiled into PHP, since PHP 5.0.0
|
|
it may be compiled as a module or statically.
|
|
</simpara>
|
|
|
|
<simpara>
|
|
<literal>ssl://</literal> will attempt to negotiate an SSL V2,
|
|
or SSL V3 connection depending on the capabilities and preferences
|
|
of the remote host. <literal>sslv2://</literal> and
|
|
<literal>sslv3://</literal> will select the SSL V2 or SSL V3
|
|
protocol explicitly.
|
|
</simpara>
|
|
|
|
<para>
|
|
<table>
|
|
<title>
|
|
Context options for <literal>ssl://</literal> and <literal>tls://</literal>
|
|
transports (since PHP 4.3.2)
|
|
</title>
|
|
<tgroup cols="3">
|
|
<thead>
|
|
<row>
|
|
<entry>Name</entry>
|
|
<entry>Usage</entry>
|
|
<entry>Default</entry>
|
|
</row>
|
|
</thead>
|
|
<tbody>
|
|
<row>
|
|
<entry><literal>verify_peer</literal></entry>
|
|
<entry>
|
|
&true; or &false;.
|
|
Require verification of SSL certificate used.
|
|
</entry>
|
|
<entry>&false;</entry>
|
|
</row>
|
|
<row>
|
|
<entry><literal>allow_self_signed</literal></entry>
|
|
<entry>
|
|
&true; or &false;.
|
|
Allow self-signed certificates.
|
|
</entry>
|
|
<entry>&false;</entry>
|
|
</row>
|
|
<row>
|
|
<entry><literal>cafile</literal></entry>
|
|
<entry>
|
|
Location of Certificate Authority file on local filesystem
|
|
which should be used with the <literal>verify_peer</literal>
|
|
context option to authenticate the identity of the remote peer.
|
|
</entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><literal>capath</literal></entry>
|
|
<entry>
|
|
If <literal>cafile</literal> is not specified or if the certificate
|
|
is not found there, the directory pointed to by <literal>capath</literal>
|
|
is searched for a suitable certificate. <literal>capath</literal>
|
|
must be a correctly hashed certificate directory.
|
|
</entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><literal>local_cert</literal></entry>
|
|
<entry>
|
|
Path to local certificate file on filesystem. It must be a PEM
|
|
encoded file which contains your certificate and private key.
|
|
It can optionally contain the certificate chain of issuers.
|
|
</entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><literal>passphrase</literal></entry>
|
|
<entry>
|
|
Passphrase with which your <literal>local_cert</literal> file
|
|
was encoded.
|
|
</entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><literal>CN_match</literal></entry>
|
|
<entry>
|
|
Common Name we are expecting. PHP will perform limited wildcard
|
|
matching. If the Common Name does not match this, the connection
|
|
attempt will fail.
|
|
</entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><literal>verify_depth</literal></entry>
|
|
<entry>
|
|
Abort if the certificate chain is too deep.
|
|
</entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><literal>ciphers</literal></entry>
|
|
<entry>
|
|
Sets the list of available ciphers. The format of the string is described
|
|
in <link xlink:href="&url.openssl.ciphers;">ciphers(1)</link>. Added
|
|
in PHP 5.0.0.
|
|
</entry>
|
|
<entry><literal>DEFAULT</literal></entry>
|
|
</row>
|
|
<row>
|
|
<entry><literal>capture_peer_cert</literal></entry>
|
|
<entry>
|
|
If set to &true; a <literal>peer_certificate</literal> context option
|
|
will be created containing the peer certificate. Added in PHP 5.0.0.
|
|
</entry>
|
|
<entry>&false;</entry>
|
|
</row>
|
|
<row>
|
|
<entry><literal>capture_peer_cert_chain</literal></entry>
|
|
<entry>
|
|
If set to &true; a <literal>peer_certificate_chain</literal> context
|
|
option will be created containing the certificate chain. Added in PHP
|
|
5.0.0.
|
|
</entry>
|
|
<entry>&false;</entry>
|
|
</row>
|
|
</tbody>
|
|
</tgroup>
|
|
</table>
|
|
</para>
|
|
|
|
<note>
|
|
<simpara>
|
|
Because <literal>ssl://</literal> is the underlying transport for the
|
|
<link linkend="wrappers.http"><literal>https://</literal></link> and
|
|
<link linkend="wrappers.ftp"><literal>ftps://</literal></link> wrappers,
|
|
any context options which apply to <literal>ssl://</literal> also apply to
|
|
<literal>https://</literal> and <literal>ftps://</literal>.
|
|
</simpara>
|
|
</note>
|
|
</section>
|
|
|
|
<section xml:id="transports.unix">
|
|
<title>Unix Domain: Unix and UDG</title>
|
|
<simpara>
|
|
<literal>unix://</literal> and
|
|
<literal>udg://</literal> (udg:// since PHP 5).
|
|
</simpara>
|
|
|
|
<itemizedlist>
|
|
<listitem><simpara><literal>unix:///tmp/mysock</literal></simpara></listitem>
|
|
<listitem><simpara><literal>udg:///tmp/mysock</literal></simpara></listitem>
|
|
</itemizedlist>
|
|
|
|
<simpara>
|
|
<literal>unix://</literal> provides access to a socket stream
|
|
connection in the Unix domain. <literal>udg://</literal> provides
|
|
an alternate transport to a Unix domain socket using the user datagram
|
|
protocol.
|
|
</simpara>
|
|
|
|
<simpara>
|
|
Unix domain sockets, unlike Internet domain sockets, do not expect
|
|
a port number. In the case of <function>fsockopen</function> the
|
|
<parameter>portno</parameter> parameter should be set to 0.
|
|
</simpara>
|
|
</section>
|
|
|
|
</appendix>
|
|
|
|
<!-- Keep this comment at the end of the file
|
|
Local variables:
|
|
mode: sgml
|
|
sgml-omittag:t
|
|
sgml-shorttag:t
|
|
sgml-minimize-attributes:nil
|
|
sgml-always-quote-attributes:t
|
|
sgml-indent-step:1
|
|
sgml-indent-data:t
|
|
indent-tabs-mode:nil
|
|
sgml-parent-document:nil
|
|
sgml-default-dtd-file:"../../manual.ced"
|
|
sgml-exposed-tags:nil
|
|
sgml-local-catalogs:nil
|
|
sgml-local-ecat-files:nil
|
|
End:
|
|
vim600: syn=xml fen fdm=syntax fdl=2 si
|
|
vim: et tw=78 syn=sgml
|
|
vi: ts=1 sw=1
|
|
-->
|