On Tue, 2009-07-07 at 15:42 +0200, endrazine wrote: > > It is lacking any type of authentication of the payment gateway, which > is not acceptable. >
I agree+++. The problem is that PHP SOAP uses an internal "streams" library instead of libcurl; the former lacks, the later has, client/server PKI support. If it did use libcurl, dozens of problems over the last few years would have magically solved themselves (pipe-line'ing, keep-alive, socket options, PKI, etc.) Support needs to be added to PHP for this and it's been on the back-burner for me, but I think it is time to take it to the next level. This being 2009, and all, perhaps a few organizations can pool resources and sponsor the needed development. ~BAS > So in a nutshell, my problem is : can I get acces to the x509 > certificate used by SoapClient ? Is there an api to then verify the > whole authority certification chain up to the root certificates I may > decide to trust automagically, or shall I use the openssl api ? -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php