(PHP 7 >= 7.4.0, PHP 8)
openssl_x509_verify — Verifies digital signature of x509 certificate against a public key
$certificate
,
OpenSSLAsymmetricKey
|
OpenSSLCertificate
|
array
|
string
$public_key
):
int
openssl_x509_verify()
verifies that the
certificate
certificate was signed by the private
key corresponding to public key
public_key
.
x509
See Key/Certificate parameters for a list of valid values.
public_key
OpenSSLAsymmetricKey - a key, returned by openssl_get_publickey()
string
- a
PEM
formatted key (e.g.
-----BEGIN PUBLIC KEY-----
MIIBCgC...
)
Returns 1 if the signature is correct, 0 if it is incorrect, and -1 on error.
| Version | Description |
|---|---|
| 8.0.0 |
certificate
accepts an
OpenSSLCertificate
instance now;
previously, a
resource
of type
OpenSSL X.509
was accepted.
|
| 8.0.0 |
public_key
accepts an
OpenSSLAsymmetricKey
or
OpenSSLCertificate
instance now;
previously, a
resource
of type
OpenSSL key
or
OpenSSL X.509
was accepted.
|
Example #1 openssl_x509_verify() example
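<?php
// Connect to a TLS host, capture its certificate chain, and report which
// chain certificate's public key verifies the leaf certificate's signature.
//
// openssl_x509_verify() only checks that the certificate was signed by the
// private key matching the supplied public key. It does not establish trust
// (path to a trusted CA, validity period, revocation, hostname); that part
// is done by the stream layer through "verify_peer" / "verify_peer_name".
$hostname = "news.php.net";
$ssloptions = array(
    "capture_peer_cert" => true,
    "capture_peer_cert_chain" => true,
    "allow_self_signed" => false,
    // "peer_name" is the replacement for the deprecated "CN_match" option.
    "peer_name" => $hostname,
    "verify_peer" => true,
    "verify_peer_name" => true,
    "SNI_enabled" => true,
    "SNI_server_name" => $hostname,
);
$ctx = stream_context_create(array("ssl" => $ssloptions));
$result = stream_socket_client(
    "ssl://$hostname:443",
    $errno,
    $errstr,
    30,
    STREAM_CLIENT_CONNECT,
    $ctx
);
// A failed connection or failed peer verification yields false; passing that
// on to stream_context_get_params() is a TypeError on PHP 8, so stop here.
if ($result === false) {
    echo "Connection to $hostname failed: [$errno] $errstr\n";
    exit(1);
}
$cont = stream_context_get_params($result);
$x509 = $cont["options"]["ssl"]["peer_certificate"];
$certparsed = openssl_x509_parse($x509);
foreach ($cont["options"]["ssl"]["peer_certificate_chain"] as $chaincert) {
    $chainparsed = openssl_x509_parse($chaincert);
    $chain_public_key = openssl_get_publickey($chaincert);
    // Return values: 1 = signature verified, 0 = signature does not match,
    // -1 = error. Compare strictly so an error is not silently skipped.
    $r = openssl_x509_verify($x509, $chain_public_key);
    if ($r === 1) {
        echo $certparsed['subject']['CN'];
        echo " was digitally signed by ";
        echo $chainparsed['subject']['CN'] . "\n";
    } elseif ($r === -1) {
        echo "Signature verification error against ", $chainparsed['subject']['CN'], "\n";
    }
}
?>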