SSL context options
SSL context options — SSL context option listing
Description
Context options for ssl:// and tls://
transports.
Options
-
verify_peer
boolean
-
Require verification of SSL certificate used.
Defaults to FALSE.
-
allow_self_signed
boolean
-
Allow self-signed certificates.
Defaults to FALSE
-
cafile
string
-
Location of Certificate Authority file on local filesystem
which should be used with the verify_peer
context option to authenticate the identity of the remote peer.
-
capath
string
-
If cafile is not specified or if the certificate
is not found there, the directory pointed to by capath
is searched for a suitable certificate. capath
must be a correctly hashed certificate directory.
-
local_cert
string
-
Path to local certificate file on filesystem. It must be a PEM
encoded file which contains your certificate and private key.
It can optionally contain the certificate chain of issuers.
-
passphrase
string
-
Passphrase with which your local_cert file
was encoded.
-
CN_match
string
-
Common Name we are expecting. PHP will perform limited wildcard
matching. If the Common Name does not match this, the connection
attempt will fail.
-
verify_depth
integer
-
Abort if the certificate chain is too deep.
Defaults to no verification.
-
ciphers
string
-
Sets the list of available ciphers. The format of the string is described
in » ciphers(1).
Defaults to DEFAULT.
-
capture_peer_cert
boolean
-
If set to TRUE a peer_certificate context option
will be created containing the peer certificate.
-
capture_peer_chain
boolean
-
If set to TRUE a peer_certificate_chain context
option will be created containing the certificate chain.
Notes
Note:
Because ssl:// is the underlying transport for the
https:// and
ftps:// wrappers,
any context options which apply to ssl:// also apply to
https:// and ftps://.