• 首页
  • vue
  • TypeScript
  • JavaScript
  • scss
  • css3
  • html5
  • php
  • MySQL
  • redis
  • jQuery
    •
    位置: php 中文手册 -> php 外部扩展库 -> openssl库(通信加密)

    openssl_x509_checkpurpose()

    (PHP 4 >= 4.0.6, PHP 5, PHP 7)

    验证是否可以为特定目的使用证书

    说明

    openssl_x509_checkpurpose(mixed $x509cert,int $purpose[,array $cainfo= array()[,string $untrustedfile]]): int

    openssl_x509_checkpurpose()检查证书以查看它是否可用于指定目的$purpose.

    参数

    $x509cert

    被检查的证书。

    $purpose

    openssl_x509_checkpurpose()目的
    常量名描述
    X509_PURPOSE_SSL_CLIENT证书是否可以用于SSL连接的客户端?
    X509_PURPOSE_SSL_SERVER证书是否可以用于SSL连接的服务器端?
    X509_PURPOSE_NS_SSL_SERVER证书是否可以用于Netscape SSL服务器?
    X509_PURPOSE_SMIME_SIGN证书是否可以用来签名 S/MIME 邮件?
    X509_PURPOSE_SMIME_ENCRYPT正式是否可用用来加密 S/MIME 邮件?
    X509_PURPOSE_CRL_SIGN证书是否可以用来签名证书撤销列表(CRL)?
    X509_PURPOSE_ANY证书是否可以用于任何目的?
    这些选项不是位字段——您只能指定一个字段!

    $cainfo

    $cainfo应该是一个受信任的 CA 文件/文件夹组成的数组,如Certificate Verification所描述的一样。

    $untrustedfile

    如果指定,这应该是PEM编码文件的名称,该文件持有证书,可以用来帮助验证证书,尽管从该文件中获得的证书不受信任。

    返回值

    如果证书可以用于预期目的,返回TRUE,如果不行,则返回FALSE错误便会返回-1。

    The following is an example usage of openssl_x509_checkpurpose. It is equivalent to the openssl verify command as follows:
openssl verify -CApath $openssl_cadir -purpose sslserver $openssl_crtfile
<?php
$openssl_crtfile='auth.combined.pem';
$openssl_cadir='./ca';
$x509_res = openssl_x509_read(file_get_contents($openssl_crtfile));
if(empty($x509_res)) {
    echo 'x509 cert could not be read'."\n";
}
$valid = openssl_x509_checkpurpose($x509_res,X509_PURPOSE_SSL_SERVER,array($openssl_cadir));
if ($valid === true) {
    echo 'Certificate is valid for use as SSL server'."\n";
} else {
    echo 'Certificate validation returned'.$valid."\n";
}
?>

    Few days ago I dual boot my system into Windows 8 and play around with it, and then I boot it back to windows 7, and all of sudden this function fails by returning me 0 all the time.
Spent almost two hours digging google for no result, I almost end my research.
Then (I don't know why) I did a system time update (synchronize with time.nist.gov), and all of sudden, this function returns me 1 (true).
It's true that when I boot back to Windows 7 my time has been screwed by a few hours later than my current time, and I did a manual change on it. I doubt this has anything to do with this function?
Hope it helps.
Keywords: google discovery, openid, discovery
Platform: Windows 7 64bit, PHP 5.3.13

    上篇:openssl_x509_check_private_key()

    下篇:openssl_x509_export_to_file()