Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:44761
Return-Path: <seklecki@noc.cfi.pgh.pa.us>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 55045 invoked from network); 7 Jul 2009 14:18:35 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 7 Jul 2009 14:18:35 -0000
Authentication-Results: pb1.pair.com smtp.mail=seklecki@noc.cfi.pgh.pa.us; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=seklecki@noc.cfi.pgh.pa.us; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain noc.cfi.pgh.pa.us designates 206.210.72.84 as permitted sender)
X-PHP-List-Original-Sender: seklecki@noc.cfi.pgh.pa.us
X-Host-Fingerprint: 206.210.72.84 mx04.pub.collaborativefusion.com Linux 2.5 (sometimes 2.4) (4)
Received: from [206.210.72.84] ([206.210.72.84:36317] helo=mx04.pub.collaborativefusion.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 2F/A7-17523-939535A4 for <internals@lists.php.net>; Tue, 07 Jul 2009 10:18:34 -0400
Received: from [192.168.2.161] ([206.210.89.202])
	by mx04.pub.collaborativefusion.com (StrongMail Enterprise 4.1.1.4(4.1.1.4-47689)); Tue, 07 Jul 2009 10:04:07 -0400
X-VirtualServerGroup: Default
X-MailingID: 00000::00000::00000::00000::::36
X-SMHeaderMap: mid="X-MailingID"
X-Destination-ID: internals@lists.php.net
X-SMFBL: aW50ZXJuYWxzQGxpc3RzLnBocC5uZXQ=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed;
	d=noc.cfi.pgh.pa.us; s=noc_cfi_pgh_pa_us_key_dkim; l=1022;
	t=1246975447; i=@noc.cfi.pgh.pa.us; h=Subject:From:To:Cc:
	In-Reply-To:References:Content-Type:Date:Message-Id:Mime-Version:
	X-Mailer:Content-Transfer-Encoding; bh=YvlvPWOErxcdDczgE4Nu3v0c3
	sE=; b=GnB41uZAjT4s7M3GLDQiQTcTNmYiv042gF3gAUVA6wT8ptOIUlE1A0vrs
	mF6xNroLL0w1IF1vnbZGHy07tcF5LoJ8Z9mKShgEHO9kOcI1l50TuVbpRUxTJ6CE
	YZRFfY1
To: endrazine <endrazine@gmail.com>
Cc: PHP internals <internals@lists.php.net>
In-Reply-To: <4A5350C7.5060600@gmail.com>
References: <4A5350C7.5060600@gmail.com>
Content-Type: text/plain
Date: Tue, 07 Jul 2009 10:18:28 -0400
Message-ID: <1246976308.10382.68.camel@soundwave.ws.pitbpa0.priv.collaborativefusion.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.26.2 (2.26.2-1.fc11)
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Soap over SSL and
From: seklecki@noc.cfi.pgh.pa.us ("Brian A. Seklecki")

On Tue, 2009-07-07 at 15:42 +0200, endrazine wrote:
> 
> It is lacking any type of authentication of the payment gateway, which
> is not acceptable.
> 

I agree+++.  

The problem is that PHP SOAP uses an internal "streams" library instead
of libcurl; the former lacks, the later has, client/server PKI support.

If it did use libcurl, dozens of problems over the last few years would
have magically solved themselves (pipe-line'ing, keep-alive, socket
options, PKI, etc.)

Support needs to be added to PHP for this and it's been on the
back-burner for me, but I think it is time to take it to the next level.

This being 2009, and all, perhaps a few organizations can pool resources
and sponsor the needed development.

~BAS

> So in a nutshell, my problem is : can I get acces to the x509
> certificate used by SoapClient ? Is there an api to then verify the
> whole authority certification chain up to the root certificates I may
> decide to trust automagically, or shall I use the openssl api ?