<?xml version="1.0" encoding="iso-8859-1"?>
<!-- $Revision: 1.7 $ -->
<reference id="ref.openssl">
<title>OpenSSL functions</title>
<titleabbrev>OpenSSL</titleabbrev>
<partintro>
<section id="openssl.intro">
&reftitle.intro;
<para>
This module uses the functions of <ulink
url="&url.openssl;">OpenSSL</ulink> for generation and verification
of signatures and for sealing (encrypting) and opening (decrypting)
data. OpenSSL offers many features that this module currently doesn't
support. Some of these may be added in the future.
</para>
</section>
<section id="openssl.requirements">
&reftitle.required;
<para>
In order to use the OpenSSL functions you need to install the <ulink
url="&url.openssl;">OpenSSL</ulink> package.
PHP-4.0.4pl1 requires OpenSSL >= 0.9.6, but PHP-4.0.5 and greater
will also work with OpenSSL >= 0.9.5.
</para>
</section>
&reference.openssl.configure;
<section id="openssl.configuration">
&reftitle.runtime;
&no.config;
</section>
<section id="openssl.resources">
&reftitle.resources;
<para>
</para>
</section>
<section id="openssl.certparams">
<title>Key/Certificate parameters</title>
<para>
Quite a few of the openssl functions require a key or a certificate
parameter. PHP 4.0.5 and earlier have to use a key or certificate
<type>resource</type> returned by one of the openssl_get_xxx functions.
Later versions may use one of the following methods:
<itemizedlist>
<listitem>
<para>
Certificates
<orderedlist>
<listitem>
<simpara>
An X.509 resource returned from
<function>openssl_x509_read</function>
</simpara>
</listitem>
<listitem>
<simpara>A string having the format
<filename>file://path/to/cert.pem</filename>; the named file must
contain a PEM encoded certificate
</simpara>
</listitem>
<listitem>
<simpara>
A string containing the content of a certificate, PEM encoded
</simpara>
</listitem>
</orderedlist>
</para>
</listitem>
<listitem>
<para>
Public/Private Keys
<orderedlist>
<listitem>
<simpara>A key resource returned from
<function>openssl_get_publickey</function> or
<function>openssl_get_privatekey</function>
</simpara>
</listitem>
<listitem>
<simpara>For public keys only: an X.509 resource</simpara>
</listitem>
<listitem>
<simpara>A string having the format
<filename>file://path/to/file.pem</filename> - the named file must
contain a PEM encoded certificate/private key (it may contain both)
</simpara>
</listitem>
<listitem>
<simpara>
A string containing the content of a certificate/key, PEM encoded
</simpara>
</listitem>
<listitem>
<simpara>
For private keys, you may also use the syntax
<emphasis>array($key, $passphrase)</emphasis> where $key represents a
key specified using the file:// or textual content notation above, and
$passphrase represents a string containing the passphrase for that
private key
</simpara>
</listitem>
</orderedlist>
</para>
</listitem>
</itemizedlist>
</para>
</section>
<section id="openssl.cert.verification">
<title>Certificate Verification</title>
<para>
When calling a function that will verify a signature/certificate, the
<emphasis>cainfo</emphasis> parameter is an array containing file and
directory names that specify the locations of trusted CA files. If a
directory is specified, then it must be a correctly formed hashed
directory as the <command>openssl</command> command would use.
</para>
</section>
&reference.openssl.constants;
</partintro>
&reference.openssl.functions;
</reference>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"../../../manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->