openssl_x509_checkpurpose()
(PHP 4 >= 4.0.6, PHP 5, PHP 7)
验证是否可以为特定目的使用证书
说明
openssl_x509_checkpurpose(mixed $x509cert,int $purpose[,array $cainfo= array()[,string $untrustedfile]]): int
openssl_x509_checkpurpose()检查证书以查看它是否可用于指定目的$purpose.
参数
- $x509cert
被检查的证书。
- $purpose
这些选项不是位字段——您只能指定一个字段!openssl_x509_checkpurpose()目的 常量名 描述 X509_PURPOSE_SSL_CLIENT 证书是否可以用于SSL连接的客户端? X509_PURPOSE_SSL_SERVER 证书是否可以用于SSL连接的服务器端? X509_PURPOSE_NS_SSL_SERVER 证书是否可以用于Netscape SSL服务器? X509_PURPOSE_SMIME_SIGN 证书是否可以用来签名 S/MIME 邮件? X509_PURPOSE_SMIME_ENCRYPT 正式是否可用用来加密 S/MIME 邮件? X509_PURPOSE_CRL_SIGN 证书是否可以用来签名证书撤销列表(CRL)? X509_PURPOSE_ANY 证书是否可以用于任何目的? - $cainfo
$cainfo应该是一个受信任的 CA 文件/文件夹组成的数组,如Certificate Verification所描述的一样。
- $untrustedfile
如果指定,这应该是PEM编码文件的名称,该文件持有证书,可以用来帮助验证证书,尽管从该文件中获得的证书不受信任。
返回值
如果证书可以用于预期目的,返回TRUE
,如果不行,则返回FALSE
错误便会返回-1。
The following is an example usage of openssl_x509_checkpurpose. It is equivalent to the openssl verify command as follows: openssl verify -CApath $openssl_cadir -purpose sslserver $openssl_crtfile <?php $openssl_crtfile='auth.combined.pem'; $openssl_cadir='./ca'; $x509_res = openssl_x509_read(file_get_contents($openssl_crtfile)); if(empty($x509_res)) { echo 'x509 cert could not be read'."\n"; } $valid = openssl_x509_checkpurpose($x509_res,X509_PURPOSE_SSL_SERVER,array($openssl_cadir)); if ($valid === true) { echo 'Certificate is valid for use as SSL server'."\n"; } else { echo 'Certificate validation returned'.$valid."\n"; } ?>
Few days ago I dual boot my system into Windows 8 and play around with it, and then I boot it back to windows 7, and all of sudden this function fails by returning me 0 all the time. Spent almost two hours digging google for no result, I almost end my research. Then (I don't know why) I did a system time update (synchronize with time.nist.gov), and all of sudden, this function returns me 1 (true). It's true that when I boot back to Windows 7 my time has been screwed by a few hours later than my current time, and I did a manual change on it. I doubt this has anything to do with this function? Hope it helps. Keywords: google discovery, openid, discovery Platform: Windows 7 64bit, PHP 5.3.13