PHP - SSL socket client certificate

Question

I am currently using a tcp socket to exchange data between a server and a client using socket streams in PHP. I want each client to have a unique certificate (which I will generate for them) to access my server so that only people I know will be able to use it. I have searched and found only how to use certificate on the server side, which will enable me to make a SSL socket connection, but what I actually need is to use a client server certificate to identify the client that is connecting to my server. Is this possible using PHP ?

I'd imagine the client to connect like this:

$clientCert = './clientCert.pem';
$streamContext = stream_context_create();
stream_context_set_option($streamContext, 'ssl', 'local_cert', $clientCert);
$server = stream_socket_client('ssl://IP', $error, $errorString, 2, STREAM_CLIENT_CONNECT, $streamContext);

But how does the server handle (identify, etc) this client side certificate ?

Hope I was clear with my question.

Thanks in advance, Rafael

Answer 1

You should use stream_context_set_option to set verify_peer to true; this will require the other side to verify that the client's certificate is trusted. The verification is done by checking that the certificate is signed by a trusted authority, so you need to specify where the authority's public key can be found through either the cafile or capath option.

Note that the above holds true both on the server side (to allow you to authenticate your clients) and on the client side -- the server is also not authenticated unless you explicitly make it so.