ssl_verify_peer

服务SSL设置验证对端证书。默认关闭,即不验证客户端证书。若开启,必须同时设置 ssl_client_cert_file选项

tcp服务若验证失败,会底层会主动关闭连接。

  • ssl_verify_peer 开启验证对端证书功能,
  • ssl_allow_self_signed 允许自签名证书
  • ssl_client_cert_file 客户端正证书
$serv = new swoole_server('0.0.0.0', 9501, SWOOLE_PROCESS, SWOOLE_SOCK_TCP | SWOOLE_SSL);
$serv->set(array(
    'ssl_cert_file' => __DIR__.'/config/ssl.crt',
    'ssl_key_file' => __DIR__.'/config/ssl.key',
    'ssl_verify_peer' => true,
    'ssl_allow_self_signed' => true,
    'ssl_client_cert_file' => __DIR__ . '/config/client.crt',
));