我要验证客户端的证书是否正确(不用HTTPS协议,直接在HTTP协议下,让客户端选择证书发送给服务器端)。
假设我得到证书了,我只需要CA的公钥就可以验证客户端证书的正确性吧。
在PHP中找到了这个方法:
int openssl_verify ( string data, string signature, mixed pub_key_id [, int signature_alg] )
这个方法是验证证书用的吗?参数是什么意思
假设我得到证书了,我只需要CA的公钥就可以验证客户端证书的正确性吧。
在PHP中找到了这个方法:
int openssl_verify ( string data, string signature, mixed pub_key_id [, int signature_alg] )
这个方法是验证证书用的吗?参数是什么意思
$fp = fopen("ca.crt", "r");
$CAcert = fread($fp, 8192);
fclose($fp);
$CApubkey=openssl_get_publickey($CAcert);
echo "CA的公钥是:".$CApubkey;现在需要得到是用CA在客户端证书上的签名,然后用该公钥去解密,能解开表示是该CA签发的。我从这段代码中得到了用户证书的一些信息:
$fp = fopen("client.crt", "r");
$cert = fread($fp, 8192);
fclose($fp);
$data = openssl_x509_parse($cert);
foreach($data as $message){
echo $message."</br>";
}
但是不知道怎么取得签名。
[subject] => Array(
[C] => zn
[ST] => hunan
[L] => changsha
[O] => null
[OU] => null
[CN] => *****
[emailAddress] => *****) [hash] => 536abe0c
[issuer] => Array (
[C] => zn
[ST] => jiangsu
[L] => *****
[O] => *****
[OU] => R&D
[CN] => *****
[emailAddress] => *****) [version] => 0
[serialNumber] => 12068788090705468509
[validFrom] => 090520020302Z
[validTo] => 190518020302Z
[validFrom_time_t] => 1242781382
[validTo_time_t] => 1558141382
[purposes] => Array(
[1] => Array (
[0] => 1
[1] =>
[2] => sslclient) [2] => Array(
[0] => 1
[1] =>
[2] => sslserver ) [3] => Array (
[0] => 1
[1] =>
[2] => nssslserver) [4] => Array(
[0] => 1
[1] =>
[2] => smimesign) [5] => Array(
[0] => 1
[1] =>
[2] => smimeencrypt) [6] => Array(
[0] => 1
[1] =>
[2] => crlsign) [7] => Array(
[0] => 1
[1] => 1
[2] => any ) [8] => Array(
[0] => 1
[1] =>
[2] => ocsphelper)
) [extensions] => Array( ))
签发者和使用者的基本信息都有,可关键的像使用者的公钥,签章的信息,以及签章的加密算法类型都没有。 郁闷了啊。各位PHP牛人,难道没用这些方法吗?给点提示啊。