我希望能够使用CURL读取SSL证书信息。从Linux控制台,我得到以下响应头:
GET https://www.google.com/ -ed Cache-Control: private, max-age=0 Connection: close Date: Sun, 20 Jun 2010 21:34:12 GMT Server: gws Content-Type: text/html; charset=ISO-8859-1 Expires: -1 Client-Date: Sun, 20 Jun 2010 21:34:18 GMT Client-Peer: 66.102.13.106:443 Client-Response-Num: 1 Client-SSL-Cert-Issuer: /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA Client-SSL-Cert-Subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com Client-SSL-Cipher: RC4-SHA Client-SSL-Warning: Peer certificate not verified Set-Cookie: PREF=ID=4d56960f6e3ad831:TM=1277069652:LM=1277069652:S=GF-w8Yc-_61NBzzJ; expires=Tue, 19-Jun-2012 21:34:12 GMT; path=/; domain=.google.com Title: Google X-XSS-Protection: 1; mode=block
但是使用CURL时,标头要短得多:
HTTP/1.1 200 OK Date: Sun, 20 Jun 2010 21:39:07 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 Set-Cookie: PREF=ID=2d4fb1c933eebd09:TM=1277069947:LM=1277069947:S=6_TgGKzD0rM4IWms; expires=Tue, 19-Jun-2012 21:39:07 GMT; path=/; domain=.google.com Server: gws X-XSS-Protection: 1; mode=block Transfer-Encoding: chunked
是否有可能获取这些信息,带有CURL或带有其他一些PHP函数的完整标头?
否。 编辑 :一个CURLINFO_CERTINFO选项已添加到PHP 5.3.2。见http://bugs.php.net/49253
CURLINFO_CERTINFO
显然,该信息是由您的代理在响应标头中提供的。如果你想依靠这一点,你可以用卷曲的CURLOPT_HEADER选项,以true包括在输出中的标头。
CURLOPT_HEADER
true
但是,要在不依赖某些代理的情况下检索证书,您必须
<?php $g = stream_context_create (array("ssl" => array("capture_peer_cert" => true))); $r = fopen("https://www.google.com/", "rb", false, $g); $cont = stream_context_get_params($r); var_dump($cont["options"]["ssl"]["peer_certificate"]);
您可以$cont["options"]["ssl"]["peer_certificate"]使用OpenSSL扩展名操纵的值。
$cont["options"]["ssl"]["peer_certificate"]
编辑 :此选项更好,因为它实际上并不发出HTTP请求,并且不需要allow_url_fopen:
allow_url_fopen
<?php $g = stream_context_create (array("ssl" => array("capture_peer_cert" => true))); $r = stream_socket_client("ssl://www.google.com:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $g); $cont = stream_context_get_params($r); var_dump($cont["options"]["ssl"]["peer_certificate"]);