<?php
$url = getenv('API_URL') ?: 'https://api.example.net/health';
$caFile = getenv('API_CAINFO') ?: '/etc/myapp/trust/api-ca.pem';

if (!is_readable($caFile)) {
    fwrite(STDERR, "CA file is not readable: {$caFile}\n");
    exit(1);
}

$ch = curl_init($url);
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_CAINFO => $caFile,
    CURLOPT_SSL_VERIFYPEER => true,
    CURLOPT_SSL_VERIFYHOST => 2,
    CURLOPT_TIMEOUT => 15,
    CURLOPT_HTTPHEADER => [
        'Accept: text/plain',
    ],
]);

$body = curl_exec($ch);

if ($body === false) {
    fwrite(STDERR, 'cURL error: ' . curl_error($ch) . PHP_EOL);
    curl_close($ch);
    exit(1);
}

$status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
curl_close($ch);

echo "HTTP status: {$status}\n";
echo "Verified TLS: yes\n";
echo trim($body) . PHP_EOL;

if ($status < 200 || $status >= 300) {
    exit(1);
}