
openssl_x509_parse

Parse an X509 certificate and return the information as an array (PHP 4 >= 4.0.6, PHP 5)
array openssl_x509_parse ( mixed x509cert [, bool shortnames] )


Code Examples / Notes » openssl_x509_parse

nathanael

When dealing with the purposes of an x509 crt file,
the output of openssl_x509_parse gives an array with the following for the purposes:
each new array ([purposes][1], [purposes][2] for example) is a new purpose check.
I compared this output with the output of the command
# openssl x509 -purpose -in <x509crt_file>
The result I got was that
[purposes][x][2] quite obviously is the name of the purpose checked
[purposes][x][1] corresponds to the tested purpose (as named in [purposes][x][2]) acting as CA
[purposes][x][0] corresponds to the general availability of the purpose
[purposes] => Array
   (
       [1] => Array
           (
               [0] => 1
               [1] => 1
               [2] => sslclient
           )
       [2] => Array
           (
               [0] => 1
               [1] => 1
               [2] => sslserver
           )
       [3] => Array
           (
               [0] => 1
               [1] => 1
               [2] => nssslserver
           )
       [4] => Array
           (
               [0] => 1
               [1] => 1
               [2] => smimesign
           )
       [5] => Array
           (
               [0] => 1
               [1] => 1
               [2] => smimeencrypt
           )
       [6] => Array
           (
               [0] => 1
               [1] => 1
               [2] => crlsign
           )
       [7] => Array
           (
               [0] => 1
               [1] => 1
               [2] => any
           )
       [8] => Array
           (
               [0] => 1
               [1] => 1
               [2] => ocsphelper
           )
   )


smgallo

The identifier for the email portion of certificates in the name and subject array has changed since PHP 4.  In PHP 4.3.0 the following array was returned (displayed by print_r()):
[name] => /O=Grid/O=Globus/O=CCR Grid Portal/OU=Portal User/CN=Test User/Email=test@nospam.buffalo.edu
[subject] => Array
(
  [O] => Grid/O=Globus/O=CCR Grid Portal
  [OU] => Portal User
  [CN] => Test User
  [Email] => test@nospam.buffalo.edu
...
The result in PHP5 is (note Email -> emailAddress):
[name] => /O=Grid/O=Globus/O=CCR Grid Portal/OU=Portal User/CN=Test User/emailAddress=test@nospam.buffalo.edu
[subject] => Array
(
  [O] => Grid/O=Globus/O=CCR Grid Portal
  [OU] => Portal User
  [CN] => Test User
  [emailAddress] => test@nospam.buffalo.edu
...
Of course, the manual DOES say this could happen.  :)
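
The two notes above (the [purposes] layout and the Email -> emailAddress rename) combined into one script, as an added example that is not part of the manual page or of either user note. It assumes PHP 7.1+ with the openssl extension and a usable openssl.cnf; certPurposes() and subjectEmail() are hypothetical helper names, and the certificate is generated on the spot with constructed subject values.

```php
<?php
// Added example. The certificate is generated here so the script runs offline;
// the subject values below are constructed sample data.
$dn   = ['organizationName' => 'Example Org', 'commonName' => 'Test User',
         'emailAddress' => 'test@example.invalid'];
$key  = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA,
                          'private_key_bits' => 2048]);
$csr  = $key ? openssl_csr_new($dn, $key, ['digest_alg' => 'sha256']) : false;
// A null CA certificate makes openssl_csr_sign() produce a self-signed cert.
$x509 = $csr ? openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']) : false;
if ($x509 === false || !openssl_x509_export($x509, $pem)) {
    exit('certificate generation failed: ' . openssl_error_string() . "\n");
}

// Re-key [purposes] by purpose name (hypothetical helper).
// Index meaning follows the note above: [0] general, [1] acting as CA, [2] name.
function certPurposes(array $parsed): array
{
    $out = [];
    foreach ($parsed['purposes'] ?? [] as $p) {
        $out[$p[2]] = ['general' => (bool) $p[0], 'as_ca' => (bool) $p[1]];
    }
    return $out;
}

// Read the subject e-mail under either key name (hypothetical helper):
// 'emailAddress' in PHP 5 output, 'Email' in the PHP 4.3.0 output shown above.
function subjectEmail(array $parsed): ?string
{
    $subject = $parsed['subject'] ?? [];
    $email   = $subject['emailAddress'] ?? $subject['Email'] ?? null;
    // A repeated attribute comes back as a list; take the first value.
    return is_array($email) ? (string) reset($email) : $email;
}

$parsed = openssl_x509_parse($pem);
if ($parsed === false) {
    exit("could not parse certificate\n");
}
printf("subject e-mail: %s\n", subjectEmail($parsed) ?? '(none)');
foreach (certPurposes($parsed) as $name => $flags) {
    printf("%-13s general=%-3s as_ca=%s\n", $name,
        $flags['general'] ? 'yes' : 'no', $flags['as_ca'] ? 'yes' : 'no');
}
```

Which purposes come back as "yes" depends on the extensions the local openssl.cnf adds to the generated certificate, so compare the output with `openssl x509 -purpose` on the same file when checking a real one.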


maarten

At this time, very useful X509 OIDs (like streetAddress, postalCode and others) are missing. You can find a list of them at http://www.alvestrand.no/objectid/2.5.4.html. I hope they get included in openssl_x509_parse soon.
Until then, you can get these OIDs anyway like this:
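<?php
 // Extract the value of a numeric OID from the one-line 'name' string.
 function getOID($OID, $name)
 {
   // preg_quote() keeps the dots in the OID from matching any character.
   if (preg_match('/\/' . preg_quote($OID, '/') . '=([^\/]+)/', $name, $matches)) {
     return $matches[1];
   }
   return null; // OID not present in this certificate
 }
 $cert = file_get_contents('test.crt');
 $ssl = openssl_x509_parse($cert);
 $Address = getOID('2.5.4.9', $ssl['name']);
 $ZipCode = getOID('2.5.4.17', $ssl['name']);
 $Postbox = getOID('2.5.4.18', $ssl['name']);
?>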
The parseCert function from the Horde framework can be useful for this too.

