When dealing with the purposes of an X.509 crt file,
the output of openssl_x509_parse gives an array with the following for the purposes:
each new array ([purposes][1], [purposes][2] for example) is a new purpose check.
I compared this output with the output of the command
# openssl x509 -purpose -in <x509crt_file>
The result I got was that
[purposes][x][2] quite obviously is the name of the purpose checked,
[purposes][x][1] corresponds to the tested purpose (as named in [purposes][x][2]) acting as CA,
[purposes][x][0] corresponds to the general availability of the purpose.
[purposes] => Array
(
[1] => Array
(
[0] => 1
[1] => 1
[2] => sslclient
)
[2] => Array
(
[0] => 1
[1] => 1
[2] => sslserver
)
[3] => Array
(
[0] => 1
[1] => 1
[2] => nssslserver
)
[4] => Array
(
[0] => 1
[1] => 1
[2] => smimesign
)
[5] => Array
(
[0] => 1
[1] => 1
[2] => smimeencrypt
)
[6] => Array
(
[0] => 1
[1] => 1
[2] => crlsign
)
[7] => Array
(
[0] => 1
[1] => 1
[2] => any
)
[8] => Array
(
[0] => 1
[1] => 1
[2] => ocsphelper
)
)
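The array layout described in the note above, turned into a lookup that a script can consult before relying on a certificate for a given role. This is an added example, not code from the manual or from the note's author; the file name 'server.crt' is a hypothetical placeholder.

```php
<?php
// Build a name => ['general' => bool, 'ca' => bool] table from the
// [purposes] entries returned by openssl_x509_parse():
//   [0] = certificate is usable for the purpose at all
//   [1] = certificate is usable as a CA for that purpose
//   [2] = short purpose name (sslclient, sslserver, crlsign, ...)
function purposeTable(array $parsed): array
{
    $table = [];
    foreach ($parsed['purposes'] as $entry) {
        $table[$entry[2]] = [
            'general' => (bool) $entry[0],
            'ca'      => (bool) $entry[1],
        ];
    }
    return $table;
}

// Answer the same question as "openssl x509 -purpose" for one purpose name.
// An unknown purpose name is treated as "not allowed", never as "allowed".
function hasPurpose(array $table, string $name, bool $asCa = false): bool
{
    if (!isset($table[$name])) {
        return false;
    }
    return $asCa ? $table[$name]['ca'] : $table[$name]['general'];
}

$pem = file_get_contents('server.crt');   // hypothetical PEM certificate
$parsed = openssl_x509_parse($pem);
if ($parsed === false) {
    fwrite(STDERR, "not a parseable X.509 certificate\n");
    exit(1);
}
$table = purposeTable($parsed);

// Refuse to use the certificate as a TLS server cert unless it is flagged for it.
if (!hasPurpose($table, 'sslserver')) {
    fwrite(STDERR, "certificate is not usable for the sslserver purpose\n");
    exit(1);
}
// A leaf certificate normally should not also pass the CA check for the purpose.
if (hasPurpose($table, 'sslserver', true)) {
    fwrite(STDERR, "note: certificate also passes the sslserver CA check\n");
}
echo "sslserver purpose confirmed\n";
```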
openssl_x509_parse
(PHP 4 >= 4.0.6, PHP 5)
openssl_x509_parse — Parses an X.509 certificate and returns the information as an array
Description
openssl_x509_parse() returns information about the certificate passed in x509cert, such as the subject name, the issuer name, the purposes, the validity period, etc.
Parameters
- x509cert
- shortnames
The shortnames parameter controls how the data is indexed in the array. If TRUE is passed (the default), the short form is used; otherwise the long names are used. For example, CN is the short form of commonName.
Return Values
The structure of the returned data is deliberately not documented yet, as it is still subject to change.
11-Aug-2006 03:02
11-Feb-2005 11:00
At this time very useful X509 oids (like streetAddress, postalCode and others) are missing. You can find a list of them at http://www.alvestrand.no/objectid/2.5.4.html, I hope they get included to openssl-x509-parse soon.
Until then you can get these oids anyway like this:
<?php
function getOID($OID, $ssl)
{
    // Look for "/<OID>=<value>" in the one-line name string. The OID is
    // quoted so that its dots are matched literally rather than as "any character".
    if (preg_match('/\/' . preg_quote($OID, '/') . '=([^\/]+)/', $ssl, $matches)) {
        return $matches[1];
    }
    return null; // attribute not present in the name
}
$cert = file_get_contents('test.crt');
$ssl = openssl_x509_parse($cert);
$Address = getOID('2.5.4.9', $ssl['name']);   // streetAddress
$ZipCode = getOID('2.5.4.17', $ssl['name']);  // postalCode
$Postbox = getOID('2.5.4.18', $ssl['name']);  // postOfficeBox
?>
The parseCert function from the Horde framework can be useful for this too.
29-Oct-2004 08:15
The identifier for the email portion of certificates in the name and subject arrays has changed since PHP 4. In PHP 4.3.0 the following array was returned (displayed by print_r()):
[name] => /O=Grid/O=Globus/O=CCR Grid Portal/OU=Portal User/CN=Test User/Email=test@nospam.buffalo.edu
[subject] => Array
(
[O] => Grid/O=Globus/O=CCR Grid Portal
[OU] => Portal User
[CN] => Test User
[Email] => test@nospam.buffalo.edu
...
The result in PHP5 is (note Email -> emailAddress):
[name] => /O=Grid/O=Globus/O=CCR Grid Portal/OU=Portal User/CN=Test User/emailAddress=test@nospam.buffalo.edu
[subject] => Array
(
[O] => Grid/O=Globus/O=CCR Grid Portal
[OU] => Portal User
[CN] => Test User
[emailAddress] => test@nospam.buffalo.edu
...
Of course, the manual DOES say this could happen. :)