1. 首頁
  2. 問答
  3. 使用PHP和證書連接到FTPS作爲身份驗證

使用PHP和證書連接到FTPS作爲身份驗證

2012-04-30 67 views
4

我很難設置連接到FTPS。使用PHP和證書連接到FTPS作爲身份驗證

我應該使用SSL/TLS和AUTH(顯式標準)進行連接。 我有一個服務器地址和一個端口(:60000)和一個來自服務器所有者的公鑰以及我自己的證書。

Googling around後,我認爲捲曲是我最好的選擇,但我不知道使用什麼捲曲選項。

有沒有人有一個片段連接並上傳/下載文件到這樣一個FTPS的工作示例?

這個頁面有一些信息http://php.net/manual/en/function.curl-setopt.php E.g棟相同的看法,但使用的用戶名/密碼

$username = 'username'; 
$password = 'password'; 
$url = 'example.com'; 
$ftp_server = "ftp://" . $username . ":" . $password . "@" . $url; 

echo "Starting CURL.\n"; 
$ch = curl_init(); 
echo "Set CURL URL.\n"; 

//curl FTP 
curl_setopt($ch, CURLOPT_URL, $ftp_server); 

//For Debugging 
//curl_setopt($ch, CURLOPT_VERBOSE, TRUE); 

//SSL Settings 
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); 
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); 
curl_setopt($ch, CURLOPT_FTP_SSL, CURLFTPSSL_TRY); 

//List FTP files and directories 
curl_setopt($ch, CURLOPT_FTPLISTONLY, TRUE); 

//Output to curl_exec 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 

echo "Executing CURL.\n"; 
$output = curl_exec($ch); 
curl_close($ch); 
echo "Closing CURL.\n"; 
echo $output . "\n"; 
$files = explode("\n", $output); 
print_r($files);

任何想法如何使用證書呢?

在此先感謝!

來源

2012-04-30 Erik

回答

5

我知道遲到的迴應,但我也一直在爲此付出努力,以下兩段代碼最終爲我工作,所以即使它爲時已晚,也許會幫助其他人。在我的情況下,我只需要使用CA證書驗證對方,所以如果您需要驗證自己的身份(當然超出用戶/密碼),您可能需要集成下面的第三塊代碼。

下載(只有CA證書)

$ftp_server = 'ftps://YOUR-SERVER-NAME/'; 
$ftp_user = 'FTP-USER-NAME'; 
$ftp_password = 'FTP-PASSWORD'; 

$ftp_certificate = 'PATH TO CA CERT'; 
// ...e.g./var/www/certs/ssl-certificate.pub.crt  
$source_file = 'REMOTE-FILE-PATH'; 
$destination_file = 'LOCAL-FILE-PATH'; 

$file = fopen($destination_file, 'w'); 

$ch = curl_init(); 

curl_setopt($ch, CURLOPT_VERBOSE, TRUE); 
curl_setopt($ch, CURLOPT_URL, $ftp_server . $source_file); 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
curl_setopt($ch, CURLOPT_USERPWD, $ftp_user . ':' . $ftp_password); 
curl_setopt($ch, CURLOPT_TIMEOUT, 400); 
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 400); 
curl_setopt($ch, CURLOPT_FILE, $file); 

//SSL 
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); 
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); 
curl_setopt($ch, CURLOPT_CAINFO, $ftp_certificate); 
curl_setopt($ch, CURLOPT_FTP_SSL, CURLFTPSSL_ALL); 
curl_setopt($ch, CURLOPT_FTPSSLAUTH, CURLFTPAUTH_SSL); 

curl_exec($ch); 
$error_no = curl_errno($ch); 
$error_msg = curl_error($ch); 
curl_close ($ch); 
if ($error_no == 0) { 
    $msg = 'File downloaded succesfully.'; 
} else { 
    $msg = 'File download error:' . $error_msg . ' | ' . $error_no; 
} 
fclose($file); 
echo $msg;

上傳(只有CA證書)

$ftp_server = 'ftps://YOUR-SERVER-NAME/'; 
$ftp_user = 'FTP-USER-NAME'; 
$ftp_password = 'FTP-PASSWORD'; 

$ftp_certificate = 'PATH TO CA CERT'; 
// ...e.g./var/www/certs/ssl-certificate.pub.crt  
$source_file = 'LOCAL-FILE-PATH'; 
$destination_file = 'REMOTE-FILE-PATH'; 

$file = fopen($source_file, 'r'); 

$ch = curl_init(); 

curl_setopt($ch, CURLOPT_VERBOSE, TRUE); 
curl_setopt($ch, CURLOPT_URL, $ftp_server . $destination_file); 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
curl_setopt($ch, CURLOPT_USERPWD, $ftp_user . ':' . $ftp_password); 
curl_setopt($ch, CURLOPT_TIMEOUT, 400); 
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 400); 

curl_setopt($ch, CURLOPT_UPLOAD, 1); 
curl_setopt($ch, CURLOPT_INFILE, $file); 
curl_setopt($ch, CURLOPT_INFILESIZE, filesize($source_file)); 

//SSL stuff 
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); 
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); 
curl_setopt($ch, CURLOPT_CAINFO, $ftp_certificate); 

curl_setopt($ch, CURLOPT_FTP_SSL, CURLFTPSSL_ALL); 
curl_setopt($ch, CURLOPT_FTPSSLAUTH, CURLFTPAUTH_SSL); 

$upload_result = curl_exec($ch); 
$upload_info = curl_getinfo($ch); 
$error_no = curl_errno($ch); 
$error_msg = curl_error($ch); 
curl_close ($ch); 
if ($error_no == 0) { 
    $msg = 'File uploaded succesfully.'; 
} else { 
    $msg = 'File upload error:' . $error_msg . ' | ' . $error_no; 
} 

fclose($file); 
echo $msg . '(' . filesize($source_file) . ')';

您可以檢查響應這樣的代碼,例如:

if ($upload_info['http_code'] == '226') {...}

要添加公鑰/私鑰(curl_exec前添加此)

// A private SSL key. 
// If your key file has a password, you will need to set 
// this with CURLOPT_SSLKEYPASSWD 
curl_setopt($ch, CURLOPT_SSLKEY, $keyFile); 

// A PEM formatted certificate- with CURLOPT_SSLCERTTYPE 
// you could also use DER or ENG formats 
curl_setopt($ch, CURLOPT_SSLCERT, $certFile); 
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $certPass);

當然,你可能在PHP,Apache的,timemout限制,同時也nginx的撥弄,像我一樣在我的情況下與一個麻煩的Plesk安裝,如果文件很大,傳輸速度很慢。

來源

2013-10-21 14:22:33

+0

OMG,我幾乎放棄了這一點。我非常感謝你的回答。 – Erik

+0

哇,很高興我可以幫忙!真的沒有想到你會回來,謝謝接受。 –

相關問題

 相關問題