List of context options for ssl:// and tls:// transports.
| peer_name | The peer name to use. If this value is not set, the name is guessed based on the hostname used when opening the stream. |
|---|---|
| verify_peer | Requires verification of the SSL certificate used. Defaults to TRUE. |
| verify_peer_name | Required to verify peer name. Defaults to TRUE. |
| allow_self_signed | Allow self-signed certificates. Requires verify_peer. Defaults to FALSE |
| cafile | The location of the Certification Authority file on the local file system used to authenticate remote peers. |
| capath | must be a correctly hashed certificate directory. |
| local_cert | The path to the local certificate file on the file system.|
| local_pk | The path to the local private key file on the file system (if the certificate and private key files are separate) . |
| Password | The password used to encode the local_cert file. |
| CN_match | The common name we expect. If the common name does not match, the connection attempt will fail. |
| verify_depth | Abort if certificate chain is too deep. |
| Password | Setting available List of passwords. The format of the string is described in » ciphers(1). |
| capture_peer_cert | If set to TRUE a peer_certificate context option will be created containing the peer certificate. |
| capture_peer_cert_chain | If set to TRUE, the peer_certificate_chain context option will be created to contain the certificate chain. |
| SNI_enabled | If set to TRUE, server name indication will be enabled. |
| SNI_server_name | If set, this value will be used as the server name indicated by the server name. Otherwise, guess the server name based on the hostname used |
| disable_compression | If set, disables TLS compression. |
| peer_fingerprint | Abort when the remote certificate digest does not match the specified hash. |
| security_level | Set the security level. If not specified, the default security level is used. Available since PHP 7.2.0 and OpenSSL 1.1.0. |
This example shows SSL context settings.
$stream_context = stream_context_create([ 'ssl' => [ 'local_cert' => '/path/to/key.pem', 'peer_fingerprint' => openssl_x509_fingerprint(file_get_contents('/path/to/key.crt')), 'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true, 'verify_depth' => 0 ]]);
The above is the detailed content of PHP SSL context options. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
