PHP Manual
OpenSSL-Funktionen
Verifies digital signature of x509 certificate against a public key

openssl_x509_verify

(PHP 7 >= 7.4.0, PHP 8)

openssl_x509_verify — Verifies digital signature of x509 certificate against a public key

Beschreibung

openssl_x509_verify(OpenSSLCertificate|string $certificate, OpenSSLAsymmetricKey|OpenSSLCertificate|array|string $public_key): int

openssl_x509_verify() verifies that the certificate certificate was signed by the private key corresponding to public key public_key.

Parameter-Liste

x509

Siehe Schlüssel-/Zertifikatsparameter für eine Auflistung der gültigen Werte.

public_key

OpenSSLAsymmetricKey - a key, returned by openssl_get_publickey()

string - a PEM formatted key, example, "-----BEGIN PUBLIC KEY----- MIIBCgK..."

Rückgabewerte

Returns 1 if the signature is correct, 0 if it is incorrect, and -1 on error.

Changelog

Version	Beschreibung
8.0.0	`certificate` accepts an OpenSSLCertificate instance now; previously, a Ressource of type `OpenSSL X.509` was accepted.
8.0.0	`public_key` accepts an OpenSSLAsymmetricKey or OpenSSLCertificate instance now; previously, a Ressource of type `OpenSSL key` or `OpenSSL X.509` was accepted.

Beispiele

Beispiel #1 openssl_x509_verify() example


<?php
$hostname = "news.php.net";
$ssloptions = array(
    "capture_peer_cert" => true, 
    "capture_peer_cert_chain" => true, 
    "allow_self_signed"=> false, 
    "CN_match" => $hostname,
    "verify_peer" => true,
    "SNI_enabled" => true,
    "SNI_server_name" => $hostname,
);
 
$ctx = stream_context_create( array("ssl" => $ssloptions) );
$result = stream_socket_client("ssl://$hostname:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $ctx);
$cont = stream_context_get_params($result);
$x509 = $cont["options"]["ssl"]["peer_certificate"];
$certparsed = openssl_x509_parse($x509);

foreach($cont["options"]["ssl"]["peer_certificate_chain"] as $chaincert)
{
    $chainparsed = openssl_x509_parse($chaincert);
    $chain_public_key = openssl_get_publickey($chaincert);
    $r = openssl_x509_verify($x509, $chain_public_key);   
    if ($r==1)
    {
        echo $certparsed['subject']['CN'];
        echo " was digitally signed by ";
        echo $chainparsed['subject']['CN']."\n";
    }
}
?>