I've been looking on PHP.net's manual for openssl functions but it
seems that they have very little information on the said functions. I've
tried posting on mailing lists for some help but I haven't been receiving
fruitful responses. Some even told me that it is very difficult to find a
great deal of information on client authentication, simply because 99% of
SSL implementations are only concerned with authenticating the server.

I have an idea but I couldn't implement it because there are things
that I wanted to know first.

Is there a way I can get or reference the certificate submitted by
the client when they connect to the server? Coz I looked at the
openssl_x509_read() function and the manual says that openssl_x509_read()
parses the certificate supplied by x509certdata and returns a resource
identifier for it. However, I'm wondering what this x509certdata is or how
I would assign the client's certificate to it. I've seen some examples but
they all point to a definite path on the hard disk and not to a remote
connection.

I was thinking of something like pg_connect() in postgres or
ldap_connect, where you get a resource that you can later use for
processing.

Coz like in this example, they say that $data and $signature are
assumed to contain the data and the signature, but I couldn't find the docs
or an explanation of how to get $data and $signature.

    // fetch public key from certificate and ready it
    $fp = fopen("/src/openssl-0.9.6/demos/sign/cert.pem", "r");
    $cert = fread($fp, 8192);
    fclose($fp);
    $pubkeyid = openssl_get_publickey($cert);

    // state whether signature is okay or not
    // (strict comparison, so a false/-1 error result is not reported as "bad")
    $ok = openssl_verify($data, $signature, $pubkeyid);
    if ($ok === 1)
        echo "good";
    elseif ($ok === 0)
        echo "bad";
    else
        echo "ugly, error checking signature";

    // free the key from memory
    openssl_free_key($pubkeyid);

Maybe I just overlooked it or, most likely, I just couldn't
understand it, but one thing is for sure: I'm really, really lost.

But I have a feeling that this openssl_x509_xxx set of
functions is the answer, so if only I can find more elaborate information
on this (not like on
http://www.php.net/manual/en/function.openssl-x509-read.php
which of course doesn't contain much), I think I can pull this off.

Please help me.

Happy Thanksgiving,
Richard
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
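
An added example, not part of the original post: one way the certificate text for openssl_x509_read() and the $data/$signature pair for openssl_verify() can arise. It assumes Apache mod_ssl configured with "SSLVerifyClient require" and "SSLOptions +StdEnvVars +ExportCertData", which exposes the client's PEM certificate to PHP as SSL_CLIENT_CERT; the self-signed certificate, the sample data and the helper names client_certificate() and signed_by_certificate() are constructed for illustration.

```php
<?php
// Constructed sample: a throwaway self-signed certificate stands in for the
// client's certificate, and $key for the private key only the client holds.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$csr = openssl_csr_new(['commonName' => 'example-client'], $key, ['digest_alg' => 'sha256']);
$crt = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']);
openssl_x509_export($crt, $pem);

// Assumption: on a real request mod_ssl fills these in via $_SERVER;
// here a plain array with constructed values stands in for it.
$server = ['SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_CERT' => $pem];

// Client side (constructed): sign some data with the private key.
$data = 'order=42;amount=10';
openssl_sign($data, $signature, $key, OPENSSL_ALGO_SHA256);

// Hypothetical helper: return the parsed client certificate, or null unless
// the web server reports that it validated the chain during the handshake.
function client_certificate(array $server): ?array
{
    if (($server['SSL_CLIENT_VERIFY'] ?? 'NONE') !== 'SUCCESS') {
        return null;
    }
    $pem  = $server['SSL_CLIENT_CERT'] ?? '';
    $cert = $pem === '' ? false : openssl_x509_read($pem);
    if ($cert === false) {
        return null;
    }
    return ['pem' => $pem, 'fields' => openssl_x509_parse($cert)];
}

// Hypothetical helper: true only when $signature over $data was made by the
// private key matching the public key inside the PEM certificate.
function signed_by_certificate(string $data, string $signature, string $pem): bool
{
    $pubkey = openssl_pkey_get_public($pem);
    return $pubkey !== false
        && openssl_verify($data, $signature, $pubkey, OPENSSL_ALGO_SHA256) === 1;
}

$client = client_certificate($server);
if ($client === null) {
    exit("no verified client certificate\n");
}
echo 'CN: ', $client['fields']['subject']['CN'], "\n";
echo 'signature ok: ', var_export(signed_by_certificate($data, $signature, $client['pem']), true), "\n";
echo 'tampered ok:  ', var_export(signed_by_certificate($data . 'x', $signature, $client['pem']), true), "\n";
```

The SSL_CLIENT_VERIFY check matters because the certificate text alone only shows what the client presented; it is the web server's chain validation during the handshake that makes the subject fields trustworthy.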