PHP and SSL CA Validation - OS Independent

Here is a simple PHP script that opens an SSL socket ready to send HTTP requests:

// No 'ssl' options are set, so no CA validation is configured here.
$contextOptions = array();

$socketUrl = 'ssl://google.com:443';
$streamContext = stream_context_create($contextOptions);
$socket = stream_socket_client($socketUrl, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $streamContext);

// A failed connect returns false; $errno may still be 0 if the failure happened before connect().
if (!$socket || $errno !== 0) {
    var_dump($socket, $errstr);
    exit;
}

var_dump($socket);
exit('Socket created.');

This works - I just tested it, but the validity of the CA repository is not verified.

We can change that script to use PHP SSL context options:

$contextOptions = array(
    'ssl' => array(
        'cafile' => 'C:\xampp\cacerts.pem',
        'CN_match' => '*.google.com', // CN_match will only be checked if 'verify_peer' is set to TRUE. See https://bugs.php.net/bug.php?id=47030.
        'verify_peer' => TRUE,
    )
);

$socketUrl = 'ssl://google.com:443';
$streamContext = stream_context_create($contextOptions);
$socket = stream_socket_client($socketUrl, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $streamContext);

if (!$socket || $errno !== 0) {
    var_dump($socket, $errstr);
    exit;
}

var_dump($socket);
exit('Socket created.');

As long as there is a cafile and it has a valid CA, this example also works ...

... / CA? -, SSL- OS-, , script.

, Linux , "capath". Windows? ? , , , , , , PHP? ?

+5
1

...

PHP "cafile" "CN_match" PHP 5.6. , , , - , 5.6 SAN (subjectAltName), , . "" PHP . ( ) PHP - curl.

windows...

Windows OpenSSL. , openssl .PEM. -5.6 PHP - Windows. -OS, .

PHP 5.6 -

  • openssl.cafile openssl.capath php.ini .

  • , URI, "CN_match".

  • SAN SAR

  • php.ini CA /, PHP ( Windows !)

, , , github.com PHP-5.6:

<?php
$socket = stream_socket_client("tls://github.com:443");

. . . PHP .

PHP 5.6 SSL/TLS. , 5.6 PHP .

, , .

SAN 5.4/5.5

, , , SAN- 5.4 5.5, - ( ) . , , , :)

+12
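
Added example, not part of the original question or answer: one way to avoid a hard-coded Windows or Linux CA path on PHP 5.6+ is to probe the `openssl.cafile`/`openssl.capath` ini settings and OpenSSL's default locations, fall back to a bundle shipped with the application, and verify the host with `peer_name` instead of `CN_match`. The function names and the bundled CA file argument are assumptions made for illustration.

```php
<?php
// Added example (not from the original post). Requires PHP >= 5.6 with ext-openssl.
// Return array('cafile' => path) or array('capath' => dir) for the first usable
// CA source, or array() if none exists. $bundledCaFile is a hypothetical fallback.
function resolveCaSource($bundledCaFile = null)
{
    $loc = openssl_get_cert_locations();
    $candidates = array(
        array('cafile', ini_get('openssl.cafile')),
        array('capath', ini_get('openssl.capath')),
        array('cafile', getenv($loc['default_cert_file_env'])),
        array('cafile', $loc['default_cert_file']),
        array('capath', $loc['default_cert_dir']),
        array('cafile', $bundledCaFile),
    );
    foreach ($candidates as $candidate) {
        list($key, $path) = $candidate;
        if (!is_string($path) || $path === '' || !is_readable($path)) {
            continue;
        }
        // capath must be a hashed (c_rehash-style) directory; an empty one is useless.
        $usable = ($key === 'cafile') ? is_file($path) : (is_dir($path) && count(scandir($path)) > 2);
        if ($usable) {
            return array($key => $path);
        }
    }
    return array();
}

// Open a TLS socket that fails closed when no CA source is available.
function openVerifiedSocket($host, $port = 443, $bundledCaFile = null)
{
    $ca = resolveCaSource($bundledCaFile);
    if (!$ca) {
        throw new RuntimeException('No CA bundle found; refusing to connect unverified.');
    }
    $ssl = $ca + array(
        'verify_peer'       => true,
        'verify_peer_name'  => true,
        'peer_name'         => $host, // 5.6+ option; checked against SAN entries, then CN
        'allow_self_signed' => false,
    );
    $ctx = stream_context_create(array('ssl' => $ssl));
    $socket = stream_socket_client("tls://$host:$port", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $ctx);
    if ($socket === false) {
        throw new RuntimeException("TLS connect or verification failed: [$errno] $errstr");
    }
    return $socket;
}
```

Calling `openVerifiedSocket('github.com', 443, __DIR__ . '/cacert.pem')` needs network access; a certificate that does not chain to the resolved CA source raises the exception instead of returning a socket.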
