openssl_x509_verify
Verifies digital signature of x509 certificate against a public key
&reftitle.description;
intopenssl_x509_verify
mixedx509
mixedpub_key_id
openssl_x509_verify verifies that the
x509 certificate was signed by the private
key corresponding to public key pub_key_id.
&reftitle.parameters;
&openssl.param.x509;
pub_key_id
resource - a key, returned by openssl_get_publickey
string - a PEM formatted key, example, "-----BEGIN PUBLIC KEY-----
MIIBCgK..."
&reftitle.returnvalues;
Returns 1 if the signature is correct, 0 if it is incorrect, and
-1 on error.
&reftitle.examples;
<function>openssl_x509_verify</function> example
true,
"capture_peer_cert_chain" => true,
"allow_self_signed"=> false,
"CN_match" => $hostname,
"verify_peer" => true,
"SNI_enabled" => true,
"SNI_server_name" => $hostname,
);
$ctx = stream_context_create( array("ssl" => $ssloptions) );
$result = stream_socket_client("ssl://$hostname:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $ctx);
$cont = stream_context_get_params($result);
$x509 = $cont["options"]["ssl"]["peer_certificate"];
$certparsed = openssl_x509_parse($x509);
foreach($cont["options"]["ssl"]["peer_certificate_chain"] as $chaincert)
{
$chainparsed = openssl_x509_parse($chaincert);
$chain_public_key = openssl_get_publickey($chaincert);
$r = openssl_x509_verify($x509, $chain_public_key);
if ($r==1)
{
echo $certparsed['subject']['CN'];
echo " was digitally signed by ";
echo $chainparsed['subject']['CN']."\n";
}
}
?>
]]>
&reftitle.seealso;
openssl_verify
openssl_get_publickey