
How to get SSL certificate info with CURL in PHP?

Tags: php, curl, https, ssl

I would like to be able to read the SSL certificate information with CURL. From the Linux console I get this response header:

    GET https://www.google.com/ -ed
    Cache-Control: private, max-age=0
    Connection: close
    Date: Sun, 20 Jun 2010 21:34:12 GMT
    Server: gws
    Content-Type: text/html; charset=ISO-8859-1
    Expires: -1
    Client-Date: Sun, 20 Jun 2010 21:34:18 GMT
    Client-Peer: 66.102.13.106:443
    Client-Response-Num: 1
    Client-SSL-Cert-Issuer: /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
    Client-SSL-Cert-Subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
    Client-SSL-Cipher: RC4-SHA
    Client-SSL-Warning: Peer certificate not verified
    Set-Cookie: PREF=ID=4d56960f6e3ad831:TM=1277069652:LM=1277069652:S=GF-w8Yc-_61NBzzJ; expires=Tue, 19-Jun-2012 21:34:12 GMT; path=/; domain=.google.com
    Title: Google
    X-XSS-Protection: 1; mode=block

But with CURL the header is much shorter:

    HTTP/1.1 200 OK
    Date: Sun, 20 Jun 2010 21:39:07 GMT
    Expires: -1
    Cache-Control: private, max-age=0
    Content-Type: text/html; charset=UTF-8
    Set-Cookie: PREF=ID=2d4fb1c933eebd09:TM=1277069947:LM=1277069947:S=6_TgGKzD0rM4IWms; expires=Tue, 19-Jun-2012 21:39:07 GMT; path=/; domain=.google.com
    Server: gws
    X-XSS-Protection: 1; mode=block
    Transfer-Encoding: chunked

Is there any possibility to get this information, the full header, with CURL or with some other PHP function?

Radek Suski asked Jun 20 '10 21:06



2 Answers

You will get the certificate as a resource using stream_context_get_params. Plug that resource into $certinfo = openssl_x509_parse($cert['options']['ssl']['peer_certificate']); to get more certificate information.

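    <?php
    $url = "http://www.google.com";
    // Only the host name is used; the TLS connection below always goes to port 443.
    $orignal_parse = parse_url($url, PHP_URL_HOST);
    // Ask the ssl:// wrapper to keep the peer certificate from the handshake.
    $get = stream_context_create(array("ssl" => array("capture_peer_cert" => TRUE)));
    $read = stream_socket_client("ssl://".$orignal_parse.":443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $get);
    if ($read === false) {
        die("Connection failed: $errstr ($errno)");
    }
    $cert = stream_context_get_params($read);
    $certinfo = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);
    print_r($certinfo);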

Example result

    Array
    (
        [name] => /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
        [subject] => Array
            (
                [C] => US
                [ST] => California
                [L] => Mountain View
                [O] => Google Inc
                [CN] => www.google.com
            )

        [hash] => dcdd9741
        [issuer] => Array
            (
                [C] => US
                [O] => Google Inc
                [CN] => Google Internet Authority G2
            )

        [version] => 2
        [serialNumber] => 3007864570594926146
        [validFrom] => 150408141631Z
        [validTo] => 150707000000Z
        [validFrom_time_t] => 1428498991
        [validTo_time_t] => 1436223600
        [purposes] => Array
            (
                [1] => Array
                    (
                        [0] => 1
                        [1] =>
                        [2] => sslclient
                    )

                [2] => Array
                    (
                        [0] => 1
                        [1] =>
                        [2] => sslserver
                    )

                [3] => Array
                    (
                        [0] => 1
                        [1] =>
                        [2] => nssslserver
                    )

                [4] => Array
                    (
                        [0] =>
                        [1] =>
                        [2] => smimesign
                    )

                [5] => Array
                    (
                        [0] =>
                        [1] =>
                        [2] => smimeencrypt
                    )

                [6] => Array
                    (
                        [0] => 1
                        [1] =>
                        [2] => crlsign
                    )

                [7] => Array
                    (
                        [0] => 1
                        [1] => 1
                        [2] => any
                    )

                [8] => Array
                    (
                        [0] => 1
                        [1] =>
                        [2] => ocsphelper
                    )

            )

        [extensions] => Array
            (
                [extendedKeyUsage] => TLS Web Server Authentication, TLS Web Client Authentication
                [subjectAltName] => DNS:www.google.com
                [authorityInfoAccess] => CA Issuers - URI:http://pki.google.com/GIAG2.crt
    OCSP - URI:http://clients1.google.com/ocsp

                [subjectKeyIdentifier] => FD:1B:28:50:FD:58:F2:8C:12:26:D7:80:E4:94:E7:CD:BA:A2:6A:45
                [basicConstraints] => CA:FALSE
                [authorityKeyIdentifier] => keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F

                [certificatePolicies] => Policy: 1.3.6.1.4.1.11129.2.5.1

                [crlDistributionPoints] => URI:http://pki.google.com/GIAG2.crl

            )

    )

Intekhab Khan answered Oct 08 '22 16:10


No. EDIT: A CURLINFO_CERTINFO option has been added to PHP 5.3.2. See http://bugs.php.net/49253

Apparently, that information is being given to you by your proxy in the response headers. If you want to rely on that, you can set curl's CURLOPT_HEADER option to true to include the headers in the output.

However, to retrieve the certificate without relying on some proxy, you must do

    <?php
    // Capture the peer certificate during the TLS handshake.
    $g = stream_context_create(array("ssl" => array("capture_peer_cert" => true)));
    $r = fopen("https://www.google.com/", "rb", false, $g);
    $cont = stream_context_get_params($r);
    var_dump($cont["options"]["ssl"]["peer_certificate"]);

You can manipulate the value of $cont["options"]["ssl"]["peer_certificate"] with the OpenSSL extension.

EDIT: This option is better since it doesn't actually make the HTTP request and does not require allow_url_fopen:

    <?php
    // Capture the peer certificate during the TLS handshake; no HTTP request is sent.
    $g = stream_context_create(array("ssl" => array("capture_peer_cert" => true)));
    $r = stream_socket_client("ssl://www.google.com:443", $errno, $errstr, 30,
        STREAM_CLIENT_CONNECT, $g);
    $cont = stream_context_get_params($r);
    var_dump($cont["options"]["ssl"]["peer_certificate"]);
Artefacto answered Oct 08 '22 17:10
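
The CURLINFO_CERTINFO route mentioned in the EDIT above, as an added example that is not part of the original answers: it reads the presented chain through curl with verification left on, then reduces each certificate to subject, issuer, SAN, days until expiry and SHA-256 fingerprint. The function names `curl_peer_chain` and `cert_summary` are hypothetical, the `'Cert'` key assumes an OpenSSL-backed libcurl, and `demo.invalid` is a constructed self-signed certificate used when no URL is given.

```php
<?php
// Added example; needs the curl and openssl extensions.
// PEM certificates the server presented, leaf first. Verification stays on,
// so an untrusted or mismatched certificate raises an error instead.
function curl_peer_chain(string $url): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_CERTINFO       => true,  // record the chain during the handshake
        CURLOPT_NOBODY         => true,  // HEAD request, the body is not needed
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,  // defaults, stated explicitly
        CURLOPT_SSL_VERIFYHOST => 2,
    ]);
    if (curl_exec($ch) === false) {
        throw new RuntimeException('Request failed: ' . curl_error($ch));
    }
    // Assumption: OpenSSL-backed libcurl, which stores the PEM under 'Cert'.
    return array_column(curl_getinfo($ch, CURLINFO_CERTINFO), 'Cert');
}

// Reduce one PEM certificate to the fields a monitoring check usually needs.
function cert_summary(string $pem, ?int $now = null): array
{
    $info = openssl_x509_parse($pem);
    if ($info === false) {
        throw new InvalidArgumentException('Not a parsable X.509 certificate');
    }
    return [
        'subject_cn' => $info['subject']['CN'] ?? null,
        'issuer_cn'  => $info['issuer']['CN'] ?? null,
        'san'        => $info['extensions']['subjectAltName'] ?? null,
        'days_left'  => intdiv($info['validTo_time_t'] - ($now ?? time()), 86400),
        'sha256'     => openssl_x509_fingerprint($pem, 'sha256'),
    ];
}

if (isset($argv[1])) {                   // php certinfo.php <https URL>
    $chain = curl_peer_chain($argv[1]);
} else {                                 // offline: constructed self-signed cert
    $opt = ['digest_alg' => 'sha256'];
    $key = openssl_pkey_new(['private_key_bits' => 2048]);
    $csr = openssl_csr_new(['commonName' => 'demo.invalid'], $key, $opt);
    openssl_x509_export(openssl_csr_sign($csr, null, $key, 30, $opt), $pem);
    $chain = [$pem];
}
foreach ($chain as $i => $pem) {
    echo "#$i ", json_encode(cert_summary($pem)), "\n";
}
```

Because peer and host verification are enabled, a certificate that fails validation produces the exception rather than a summary, unlike the "Peer certificate not verified" output in the question.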