SoapClient over https verify server certificate

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
benland
Forum Newbie
Posts: 2
Joined: Thu Oct 06, 2011 10:26 am

SoapClient over https verify server certificate

Post by benland »

Hi All,
I really need help.
I am now reprogramming a soapClient to another server. I want to call web services on that server.
I need this connection to be over https.
To connect to the server over https I have no problem.
The problem is to verify the server certificate.

I tried this:

Code: Select all

$context = stream_context_create(
                array(
                        'SSL' => array(
                                'allow_self_signed' => FALSE,
								"verify_peer " => TRUE,
								"cafile" => $fileName,
								"capture_peer_cert" => TRUE
                        )
                )
        );

	$client = new SoapClient("https://<someServer>/WebService.asmx?WSDL",
	array("exceptions" => 1,"stream_context" => $context));	

	$result1 = $client->HelloWorld();

        print_r($result1);
but this work if the server certificate is fine and even if i connect to the server through other host name it still works. while it shouldn't( I didn't replace the certificate only the host name).

Please... help... :)
Ben
Post Reply