



openssl_x509_parse

Parse an X509 certificate and return the information as an array (PHP 4 >= 4.0.6, PHP 5)
array openssl_x509_parse ( mixed x509cert [, bool shortnames] )

openssl_x509_parse() returns information about the supplied x509cert, including fields such as subject name, issuer name, purposes, valid from and valid to dates etc.

Parameters

x509cert
shortnames

shortnames controls how the data is indexed in the array - if shortnames is TRUE (the default) then fields will be indexed with the short name form, otherwise, the long name form will be used - e.g.: CN is the shortname form of commonName.

Return Values

The structure of the returned data is (deliberately) not yet documented, as it is still subject to change.

Code Examples / Notes » openssl_x509_parse

nathanael

When dealing with the purposes of an x509 crt file,
the output of openssl_x509_parse gives an array with the following for the purposes:
each new array ([purposes][1], [purposes][2] for example) is a new purpose check.
I compared this output with the output of the command
# openssl x509 -purpose -in <x509crt_file>
The result I got was that
[purposes][x][2] quite obviously is the name of the purpose checked
[purposes][x][1] corresponds to the tested purpose (as named in [purposes][x][2]) acting as CA
[purposes][x][0] corresponds to the general availability of the purpose
[purposes] => Array
   (
       [1] => Array
           (
               [0] => 1
               [1] => 1
               [2] => sslclient
           )
       [2] => Array
           (
               [0] => 1
               [1] => 1
               [2] => sslserver
           )
       [3] => Array
           (
               [0] => 1
               [1] => 1
               [2] => nssslserver
           )
       [4] => Array
           (
               [0] => 1
               [1] => 1
               [2] => smimesign
           )
       [5] => Array
           (
               [0] => 1
               [1] => 1
               [2] => smimeencrypt
           )
       [6] => Array
           (
               [0] => 1
               [1] => 1
               [2] => crlsign
           )
       [7] => Array
           (
               [0] => 1
               [1] => 1
               [2] => any
           )
       [8] => Array
           (
               [0] => 1
               [1] => 1
               [2] => ocsphelper
           )
   )


smgallo

The identifier for the email portion of certificates in the name and subject array has changed since PHP4.  In PHP 4.3.0 the following array was returned (displayed by print_r()):
[name] => /O=Grid/O=Globus/O=CCR Grid Portal/OU=Portal User/CN=Test User/Email=test@nospam.buffalo.edu
[subject] => Array
(
  [O] => Grid/O=Globus/O=CCR Grid Portal
  [OU] => Portal User
  [CN] => Test User
  [Email] => test@nospam.buffalo.edu
...
The result in PHP5 is (note Email -> emailAddress):
[name] => /O=Grid/O=Globus/O=CCR Grid Portal/OU=Portal User/CN=Test User/emailAddress=test@nospam.buffalo.edu
[subject] => Array
(
  [O] => Grid/O=Globus/O=CCR Grid Portal
  [OU] => Portal User
  [CN] => Test User
  [emailAddress] => test@nospam.buffalo.edu
...
Of course, the manual DOES say this could happen.  :)


maarten

At this time very useful X509 oids (like streetAddress, postalCode and others) are missing. You can find a list of them at http://www.alvestrand.no/objectid/2.5.4.html. I hope they get included in openssl-x509-parse soon.
Until then you can get these oids anyway like this:
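<?php
 // Extract the value of a numeric OID from the one-line "name" string.
 function getOID($OID, $ssl)
 {
   // preg_quote() keeps the dots in the OID from matching any character.
   if (preg_match('/\/' . preg_quote($OID, '/') . '=([^\/]+)/', $ssl, $matches)) {
     return $matches[1];
   }
   return null; // OID not present in the name
 }
 $cert = file_get_contents('test.crt');
 $ssl = openssl_x509_parse($cert);
 $Address = getOID('2.5.4.9', $ssl['name']);   // streetAddress
 $ZipCode = getOID('2.5.4.17', $ssl['name']);  // postalCode
 $Postbox = getOID('2.5.4.18', $ssl['name']);  // postOfficeBox
?>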
The parseCert function from the Horde framework can be useful for this too.
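
Added example (not part of the manual page or the user notes above): because the returned structure is undocumented and has changed between versions, this sketch reads it defensively, accepting both the "Email" and "emailAddress" keys and decoding the purposes array as described in nathanael's note. The helper name summarizeCert() and the certificate's subject values are assumptions made for illustration; the certificate is generated inside the script so it runs offline.

```php
<?php
// Added example. The certificate is a throwaway self-signed one, constructed
// here so the script runs offline; the DN values are made up.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
if ($key === false) {
    exit("OpenSSL could not generate a key (check the openssl.cnf location)\n");
}
$dn   = ['organizationName' => 'Example Org', 'commonName' => 'Test User',
         'emailAddress' => 'test@example.invalid'];
$csr  = openssl_csr_new($dn, $key, ['digest_alg' => 'sha256']);
$x509 = openssl_csr_sign($csr, null, $key, 30, ['digest_alg' => 'sha256']);
openssl_x509_export($x509, $pem);

// summarizeCert() is a hypothetical helper, not a PHP or OpenSSL function.
function summarizeCert(string $pem): array
{
    $info = openssl_x509_parse($pem, true);   // true = short names (CN, O, ...)
    if ($info === false) {
        throw new RuntimeException('Input is not a parseable X.509 certificate');
    }
    $subject = $info['subject'] ?? [];
    // PHP 4 indexed the address as "Email", PHP 5 as "emailAddress".
    $email = $subject['emailAddress'] ?? $subject['Email'] ?? null;

    $purposes = [];
    foreach ($info['purposes'] ?? [] as $p) {
        // [0] = usable for this purpose, [1] = usable as a CA for it, [2] = name
        if (isset($p[0], $p[1], $p[2])) {
            $purposes[$p[2]] = ['general' => (bool) $p[0], 'ca' => (bool) $p[1]];
        }
    }
    $from = $info['validFrom_time_t'] ?? null;
    $to   = $info['validTo_time_t'] ?? null;
    $now  = time();
    return [
        'cn'        => $subject['CN'] ?? null,
        'email'     => $email,
        'valid_now' => $from !== null && $to !== null && $from <= $now && $now <= $to,
        'purposes'  => $purposes,
    ];
}

print_r(summarizeCert($pem));
```

openssl_x509_parse() only decodes the certificate; it does not verify the signature or the chain, so the subject, dates and purposes it returns are unauthenticated input until the certificate has been validated separately.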

