如何在PHP中使用CURL获取SSL证书信息? [英] How to get SSL certificate info with CURL in PHP?
问题描述
我想要能够使用CURL读取SSL证书信息。
从Linux控制台我得到这个响应头:
GET https://www.google.com/ - ed
Cache-Control:private,max-age = 0
连接:close
日期:Sun,2010年6月20日21:34:12 GMT
服务器:gws
Content-Type:text / html; charset = ISO-8859-1
到期日期:-1
客户日期:Sun,2010年6月20日21:34:18 GMT
客户端:66.102.13.106:443
Client-Response-Num:1
客户端SSL证书颁发者:/ C = ZA / O = Thawte Consulting(Pty)Ltd./CN=Thawte SGC CA
Client-SSL-主题:/ C = US / ST = California / L = Mountain View / O = Google Inc / CN = www.google.com
客户端SSL密码:RC4-SHA
客户端SSL警告:Peer certificate not verified
Set-Cookie:PREF = ID = 4d56960f6e3ad831:TM = 1277069652:LM = 1277069652:S = GF-w8Yc-_61NBzzJ; expires = Tue,19-Jun-2012 21:34:12 GMT; path = /; domain = .google.com
标题:Google
X-XSS-Protection:1;模式=块
但是使用CURL的标题短得多:
HTTP / 1.1 200 OK
日期:Sun,2010年6月20日21:39:07 GMT
到期:-1
缓存--ontrol:private,max-age = 0
Content-Type:text / html; charset = UTF-8
Set-Cookie:PREF = ID = 2d4fb1c933eebd09:TM = 1277069947:LM = 1277069947:S = 6_TgGKzD0rM4IWms; expires = Tue,19-Jun-2012 21:39:07 GMT; path = /; domain = .google.com
服务器:gws
X-XSS保护:1; mode = block
Transfer-Encoding:chunked
有可能获得这些信息,用CURL或一些其他PHP函数的完整标题?
否。 EDIT :已将 CURLINFO_CERTINFO 选项添加到PHP 5.3.2。请参见 http://bugs.php.net/49253
显然,您的代理在响应标头中向您提供了该信息。如果您想要依靠它,可以使用curl的 CURLOPT_HEADER 选项到 true 以在输出中包含标题。
但是,要检索证书而不依赖于某个代理,您必须执行
<?php
$ g = stream_context_create(array(ssl=> array(capture_peer_cert=> true)));
$ r = fopen(https://www.google.com/,rb,false,$ g);
$ cont = stream_context_get_params($ r);
var_dump($ cont [options] [ssl] [peer_certificate]);
您可以操作 $ cont [options] [
allow_url_fopen : <?php
$ g = stream_context_create(array(ssl=> array(capture_peer_cert=> true)));
$ r = stream_socket_client(ssl://www.google.com:443,$ errno,$ errstr,30,
STREAM_CLIENT_CONNECT,$ g);
$ cont = stream_context_get_params($ r);
var_dump($ cont [options] [ssl] [peer_certificate]);
I would like to be able to read the SSL certificate information with CURL. From the Linux console I get this response header:
GET https://www.google.com/ -ed
Cache-Control: private, max-age=0
Connection: close
Date: Sun, 20 Jun 2010 21:34:12 GMT
Server: gws
Content-Type: text/html; charset=ISO-8859-1
Expires: -1
Client-Date: Sun, 20 Jun 2010 21:34:18 GMT
Client-Peer: 66.102.13.106:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
Client-SSL-Cert-Subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
Client-SSL-Cipher: RC4-SHA
Client-SSL-Warning: Peer certificate not verified
Set-Cookie: PREF=ID=4d56960f6e3ad831:TM=1277069652:LM=1277069652:S=GF-w8Yc-_61NBzzJ; expires=Tue, 19-Jun-2012 21:34:12 GMT; path=/; domain=.google.com
Title: Google
X-XSS-Protection: 1; mode=block
But with CURL the header is much shorter:
HTTP/1.1 200 OK
Date: Sun, 20 Jun 2010 21:39:07 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=2d4fb1c933eebd09:TM=1277069947:LM=1277069947:S=6_TgGKzD0rM4IWms; expires=Tue, 19-Jun-2012 21:39:07 GMT; path=/; domain=.google.com
Server: gws
X-XSS-Protection: 1; mode=block
Transfer-Encoding: chunked
Is there any possibility to get these information, the full header with CURL or with some other PHP function?
No. EDIT: A CURLINFO_CERTINFO option has been added to PHP 5.3.2. See http://bugs.php.net/49253
Apparently, that information is being given to you by your proxy in the response headers. If you want to rely on that, you can use curl's CURLOPT_HEADER option to trueto include the headers in the output.
However, to retrieve the certificate without relying on some proxy, you must do
<?php
$g = stream_context_create (array("ssl" => array("capture_peer_cert" => true)));
$r = fopen("https://www.google.com/", "rb", false, $g);
$cont = stream_context_get_params($r);
var_dump($cont["options"]["ssl"]["peer_certificate"]);
You can manipulate the value of $cont["options"]["ssl"]["peer_certificate"] with the OpenSSL extension.
EDIT: This option is better since it doesn't actually make the HTTP request and does not require allow_url_fopen:
<?php
$g = stream_context_create (array("ssl" => array("capture_peer_cert" => true)));
$r = stream_socket_client("ssl://www.google.com:443", $errno, $errstr, 30,
STREAM_CLIENT_CONNECT, $g);
$cont = stream_context_get_params($r);
var_dump($cont["options"]["ssl"]["peer_certificate"]);
这篇关于如何在PHP中使用CURL获取SSL证书信息?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
