On 07.07.2009, at 16:18, Brian A. Seklecki wrote:
On Tue, 2009-07-07 at 15:42 +0200, endrazine wrote:It is lacking any type of authentication of the payment gateway, whichis not acceptable.I agree+++.The problem is that PHP SOAP uses an internal "streams" library instead of libcurl; the former lacks, the later has, client/server PKI support.
Nonsense. ext/soap has support for all of this through PHP's "https" stream which wraps the "ssl" stream.
Please RT(F)M: http://php.net/manual/en/soapclient.soapclient.php http://php.net/manual/en/context.ssl.php In short: $c = new SoapClient( 'https://foo/bar.wsdl', array( 'stream_context" => stream_context_create(array( 'ssl' => array( 'verify_peer' => true ) )) ) );There is the whole range of options related to certs, including for CA certs etc. SoapClient itself has an option for a 'local_cert' as well.
- David
smime.p7s
Description: S/MIME cryptographic signature
