Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:44896
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Received-SPF: error (pb1.pair.com: domain bitextender.com from 80.237.132.12 cause and error)
Cc: endrazine <endrazine@gmail.com>,
 PHP internals <internals@lists.php.net>
Message-ID: <D34F695E-19FF-4D4C-AF00-5AAC5371B9CB@bitextender.com>
To: Brian A. Seklecki <seklecki@noc.cfi.pgh.pa.us>
In-Reply-To: <1246976308.10382.68.camel@soundwave.ws.pitbpa0.priv.collaborativefusion.com>
Content-Type: multipart/signed; boundary=Apple-Mail-7-479649211; micalg=sha1; protocol="application/pkcs7-signature"
Mime-Version: 1.0 (Apple Message framework v935.3)
Date: Fri, 10 Jul 2009 12:38:25 +0200
References: <4A5350C7.5060600@gmail.com> <1246976308.10382.68.camel@soundwave.ws.pitbpa0.priv.collaborativefusion.com>
Subject: Re: [PHP-DEV] Soap over SSL and
From: david.zuelke@bitextender.com (=?ISO-8859-1?Q?David_Z=FClke?=)

--Apple-Mail-7-479649211
Content-Type: text/plain;
	charset=US-ASCII;
	format=flowed;
	delsp=yes
Content-Transfer-Encoding: 7bit

On 07.07.2009, at 16:18, Brian A. Seklecki wrote:

> On Tue, 2009-07-07 at 15:42 +0200, endrazine wrote:
>>
>> It is lacking any type of authentication of the payment gateway,  
>> which
>> is not acceptable.
>>
>
> I agree+++.
>
> The problem is that PHP SOAP uses an internal "streams" library  
> instead
> of libcurl; the former lacks, the later has, client/server PKI  
> support.

Nonsense. ext/soap has support for all of this through PHP's "https"  
stream which wraps the "ssl" stream.

Please RT(F)M:
http://php.net/manual/en/soapclient.soapclient.php
http://php.net/manual/en/context.ssl.php

In short:

$c = new SoapClient(
   'https://foo/bar.wsdl',
   array(
     'stream_context" => stream_context_create(array(
       'ssl' => array(
         'verify_peer' => true
       )
     ))
   )
);

There is the whole range of options related to certs, including for CA  
certs etc. SoapClient itself has an option for a 'local_cert' as well.

- David
--Apple-Mail-7-479649211
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIGXDCCAxUw
ggJ+oAMCAQICEHvgrI6DXM4XmK4XvhB7lh4wDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UEBhMCWkEx
JTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQ
ZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA4MDgyMjE0MjEzOVoXDTA5MDgyMjE0MjEz
OVowTjEfMB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjErMCkGCSqGSIb3DQEJARYcZGF2
aWQuenVlbGtlQGJpdGV4dGVuZGVyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
ANx+fe+8oUaO+fotZryRBmD3NAP00QikUIqIyZKiwJ4BS9M8DdqN0lAh443rdw1h/H0NVkDMv7+7
MnSUYKU+BTwulvU7WDGLm7JGkXXWkGl5vHUnUWltUkk8ImUDiunYPnuyUVyQlnZkp1ThihYoR4xo
MmiiC+6mHLl8FzMKimOU/UREpGfyLqYhsNdXiVgm+W8feO6aY3fDaenn9EVZEXJs6t7KxLpCIlD2
8+0dHlX+91vV4a9zfMObjEkLW3w/uBTT+uHypySHo/EWw0/pOD34sMdhSh0Xyr4un+Uv/DHH1ft3
5TJq6DEIrIL4iUpGa7Nsqjoah5SgpWwJY+gWaC8CAwEAAaNcMFowDgYDVR0PAQH/BAQDAgSwMBEG
CWCGSAGG+EIBAQQEAwIFIDAnBgNVHREEIDAegRxkYXZpZC56dWVsa2VAYml0ZXh0ZW5kZXIuY29t
MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQADgYEAbEPiMjevqmbl2NuGieZkF5fNV1Uhr0dL
wGDDxIcIHGnBeEBVy/5NpAKJUCU4lqG+bqD1S4MdyyLxvzlhOSZEqjcEwtwXqLVsaDakYFHsRGaS
DU160+1b/wlf8/OR5tof7y5MA8p6MSQHjXWOy38A71wvwFowGZPF5lY617W5mUMwggM/MIICqKAD
AgECAgENMA0GCSqGSIb3DQEBBQUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBD
YXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYD
VQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVy
c29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0
ZS5jb20wHhcNMDMwNzE3MDAwMDAwWhcNMTMwNzE2MjM1OTU5WjBiMQswCQYDVQQGEwJaQTElMCMG
A1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv
bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMSmPFVz
VftOucqZWh5owHUEcJ3f6f+jHuy9zfVb8hp2vX8MOmHyv1HOAdTlUAow1wJjWiyJFXCO3cnwK4Va
qj9xVsuvPAsH5/EfkTYkKhPPK9Xzgnc9A74r/rsYPge/QIACZNenprufZdHFKlSFD0gEf6e20Txh
BEAeZBlyYLf7AgMBAAGjgZQwgZEwEgYDVR0TAQH/BAgwBgEB/wIBADBDBgNVHR8EPDA6MDigNqA0
hjJodHRwOi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlUGVyc29uYWxGcmVlbWFpbENBLmNybDALBgNV
HQ8EBAMCAQYwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDItMTM4MA0GCSqG
SIb3DQEBBQUAA4GBAEiM0VCD6gsuzA2jZqxnD3+vrL7CF6FDlpSdf0whuPg2H6otnzYvwPQcUCCT
cDz9reFhYsPZOhl+hLGZGwDFGguCdJ4lUJRix9sncVcljd2pnDmOjCBPZV+V2vf3h9bGCE6u9uo0
5RAaWzVNd+NWIXiC3CEZNd4ksdMdRv9dX2VPMYIDEDCCAwwCAQEwdjBiMQswCQYDVQQGEwJaQTEl
MCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBl
cnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECEHvgrI6DXM4XmK4XvhB7lh4wCQYFKw4DAhoFAKCC
AW8wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDkwNzEwMTAzODI1
WjAjBgkqhkiG9w0BCQQxFgQUvo8Zm6mmThmqojPssKu3fAoGBuYwgYUGCSsGAQQBgjcQBDF4MHYw
YjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAq
BgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAhB74KyOg1zOF5iuF74Q
e5YeMIGHBgsqhkiG9w0BCRACCzF4oHYwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBD
b25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJ
c3N1aW5nIENBAhB74KyOg1zOF5iuF74Qe5YeMA0GCSqGSIb3DQEBAQUABIIBAAM46MhMdP0eYcbl
fW85UXWf2y441eLomtuYe+nvGirznydPuHF++jwSSJFZ/arPg85PErVbJBL6FvvwSaiXA4hy0c38
lTYvK37pFN/P5B19mQ2aT0c6kQMKbTwvJd5YYWQKONd61UiWQhaSpwyhMb0f0BzRjTcTjU4yxGbj
9d2nBUP/goJLsMPnu/1HAotseX5BzC+ss5l503Idjh2OylZtZfFQdgA26BY8tVOSm7TzfLrQM06P
5QZqRqzzascrJfOVFKRJ1D8kRyY7uzDlB+r3FhENO95vXp550rM0B7FtxqlCwqif4HJV9IrPgPjK
ntv1GeLOmjX65zaS0UBEhdcAAAAAAAA=

--Apple-Mail-7-479649211--