PHP5 SoapClient: verify server certificate?

(This PHP5 latest version, Apache Server latest.)

I've worked out (rather easily enough) how to use the SoapClient to access a
web service. I am using a WSDL-based SoapClient, over HTTPS, with server
authentication by client username and password -- it all works great, only a
few
lines of code, too -- good stuff!

What I am stuck on is verification of the server's certificate with a
trusted CA.
I cannot find any documentation for accessing these features when using
SoapClient from the php_soap extension.

(1)
It seems like verification of the server certificate is off by default. Is
this correct?

I cannot find any way to disable it or enable it or check it. Can the
"verify peer"
option be enabled? Can the option be queried?

I see documentation for settings at the CURL or even the SSL level. But I am
using the SoapClient, so it's no help. (Or is it?)

(2)
I cannot find a way to provide a cafile or capath value which would provide
the trusted CA certificate used to verify the server certificate.

Again, I see documentation for settings at lower level APIs, but I am using
the SoapClient.

(3)
Is there a logging or trace setting that can show if server certificate
verification
is succeeding or failing, kind of like how openssl s_client does?

Thanks for any help.

--
PHP Soap Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Kevin Mendel wrote:

(1)
It seems like verification of the server certificate is off by default. Is
this correct?

I cannot find any way to disable it or enable it or check it. Can the
"verify peer"
option be enabled? Can the option be queried?

I see documentation for settings at the CURL or even the SSL level. But I am
using the SoapClient, so it's no help. (Or is it?)

These questions would be very interesting for me too.

I dont't think that the verification of the server-certificate is off by default.
If I want to connect a soapClient to a https-webservice without further authentication and verification, the soapClient complains that it cannot establish a ssl-connection (openssl and curl are enabled). So I think it doesn't accept the server-certificate by default. But I use an untrusted server-certificate, maybe that's a difference.

raol ha scritto:
the only way that i know is to create a valid certificate, no problem if
it's selfsigned, but it must be valid for the called host.

Webservices are like ordinary webClients ( browsers ) they prevent , in
this case via openssl , to accept a certificate that doesn't fit the
basic security policy.

This is my experience , if someone got more infos , i'll be happy to go
in deep with this :)

--
PHP Soap Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php