mirror of
https://github.com/sigmasternchen/php-doc-en
synced 2025-03-19 18:38:55 +00:00
8e9858ad43
git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@159903 c90b9560-bf6c-de11-be94-00142212c4b1
161 lines
4.8 KiB
XML
161 lines
4.8 KiB
XML
<?xml version="1.0" encoding="iso-8859-1"?>
|
|
<!-- $Revision: 1.10 $ -->
|
|
<reference id="ref.openssl">
|
|
<title>OpenSSL Functions</title>
|
|
<titleabbrev>OpenSSL</titleabbrev>
|
|
<partintro>
|
|
<section id="openssl.intro">
|
|
&reftitle.intro;
|
|
<para>
|
|
This module uses the functions of <ulink
|
|
url="&url.openssl;">OpenSSL</ulink> for generation and verification
|
|
of signatures and for sealing (encrypting) and opening (decrypting)
|
|
data. OpenSSL offers many features that this module currently doesn't
|
|
support. Some of these may be added in the future.
|
|
</para>
|
|
</section>
|
|
|
|
<section id="openssl.requirements">
|
|
&reftitle.required;
|
|
<para>
|
|
In order to use the OpenSSL functions you need to install the <ulink
|
|
url="&url.openssl;">OpenSSL</ulink> package.
|
|
PHP between versions 4.0.5 and 4.3.1 will work with OpenSSL >= 0.9.5.
|
|
Other versions (PHP <=4.0.4pl1 and >= 4.3.2) require OpenSSL >=
|
|
0.9.6.
|
|
</para>
|
|
<warning>
|
|
<para>
|
|
You are strongly encouraged to use the most recent OpenSSL version,
|
|
otherwise your web server could be vulnerable to attack.
|
|
</para>
|
|
</warning>
|
|
</section>
|
|
|
|
&reference.openssl.configure;
|
|
|
|
<section id="openssl.configuration">
|
|
&reftitle.runtime;
|
|
&no.config;
|
|
</section>
|
|
|
|
<section id="openssl.resources">
|
|
&reftitle.resources;
|
|
<para>
|
|
</para>
|
|
</section>
|
|
|
|
<section id="openssl.certparams">
|
|
<title>Key/Certificate parameters</title>
|
|
<para>
|
|
Quite a few of the openssl functions require a key or a certificate
|
|
parameter. PHP 4.0.5 and earlier have to use a key or certificate
|
|
<type>resource</type> returned by one of the openssl_get_xxx functions.
|
|
Later versions may use one of the following methods:
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
Certificates
|
|
<orderedlist>
|
|
<listitem>
|
|
<simpara>
|
|
An X.509 resource returned from
|
|
<function>openssl_x509_read</function>
|
|
</simpara>
|
|
</listitem>
|
|
<listitem>
|
|
<simpara>A string having the format
|
|
<filename>file://path/to/cert.pem</filename>; the named file must
|
|
contain a PEM encoded certificate
|
|
</simpara>
|
|
</listitem>
|
|
<listitem>
|
|
<simpara>
|
|
A string containing the content of a certificate, PEM encoded
|
|
</simpara>
|
|
</listitem>
|
|
</orderedlist>
|
|
</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>
|
|
Public/Private Keys
|
|
<orderedlist>
|
|
<listitem>
|
|
<simpara>A key resource returned from
|
|
<function>openssl_get_publickey</function> or
|
|
<function>openssl_get_privatekey</function>
|
|
</simpara>
|
|
</listitem>
|
|
<listitem>
|
|
<simpara>For public keys only: an X.509 resource</simpara>
|
|
</listitem>
|
|
<listitem>
|
|
<simpara>A string having the format
|
|
<filename>file://path/to/file.pem</filename> - the named file must
|
|
contain a PEM encoded certificate/private key (it may contain both)
|
|
</simpara>
|
|
</listitem>
|
|
<listitem>
|
|
<simpara>
|
|
A string containing the content of a certificate/key, PEM encoded
|
|
</simpara>
|
|
</listitem>
|
|
<listitem>
|
|
<simpara>
|
|
For private keys, you may also use the syntax
|
|
<emphasis>array($key, $passphrase)</emphasis> where $key represents a
|
|
key specified using the file:// or textual content notation above, and
|
|
$passphrase represents a string containing the passphrase for that
|
|
private key
|
|
</simpara>
|
|
</listitem>
|
|
</orderedlist>
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</para>
|
|
</section>
|
|
|
|
|
|
<section id="openssl.cert.verification">
|
|
<title>Certificate Verification</title>
|
|
<para>
|
|
When calling a function that will verify a signature/certificate, the
|
|
<emphasis>cainfo</emphasis> parameter is an array containing file and
|
|
directory names that specify the locations of trusted CA files. If a
|
|
directory is specified, then it must be a correctly formed hashed
|
|
directory as the <command>openssl</command> command would use.
|
|
</para>
|
|
</section>
|
|
|
|
&reference.openssl.constants;
|
|
|
|
|
|
</partintro>
|
|
|
|
&reference.openssl.functions;
|
|
|
|
</reference>
|
|
<!-- Keep this comment at the end of the file
|
|
Local variables:
|
|
mode: sgml
|
|
sgml-omittag:t
|
|
sgml-shorttag:t
|
|
sgml-minimize-attributes:nil
|
|
sgml-always-quote-attributes:t
|
|
sgml-indent-step:1
|
|
sgml-indent-data:t
|
|
indent-tabs-mode:nil
|
|
sgml-parent-document:nil
|
|
sgml-default-dtd-file:"../../../manual.ced"
|
|
sgml-exposed-tags:nil
|
|
sgml-local-catalogs:nil
|
|
sgml-local-ecat-files:nil
|
|
End:
|
|
vim600: syn=xml fen fdm=syntax fdl=2 si
|
|
vim: et tw=78 syn=sgml
|
|
vi: ts=1 sw=1
|
|
-->
|
|
|