I will start a series of php tutorials regarding webservices, security, web requests.

They are not in any order, but as i see them fit, and as they come into my mind.

At some moment in time i had a use to access a SSL service using cURL.

As i could not acomplish that, after a few tries, i found out that the error was of an invalid certificate.

At first glance, you can deactivate CURLOPT_SSL_VERIFYPEER, but sometimes that is not enough. Some web servers will still require an SSL authentification.

Solution : Sending the certificate through th erequest.

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, '[path to PEM format certificate]');

Ok. Now we need to generate that certificate. We can save it from browser and uplaod iti to server in our application. What happens when it expires ? we need again to downlaod it and upload to the application folder. I did not like that as i needed the aplication to run for several virtual host and may with different settings. So i needed an automatic solution.

Here come the PHP stream functions

$url = 'url'; //target URL
$context = stream_context_create();
$res = stream_context_set_option($context, 'ssl', 'capture_peer_cert', true);
$res = stream_context_set_option($context, 'ssl', 'verify_host', true);
if ($socket = stream_socket_client("tls://$url:443/", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context))
{
  if ($options = stream_context_get_options($context))
  {
    if ( isset ($options['ssl']) && isset ($options['ssl']['peer_certificate']))
    {
      $keyinfo = openssl_x509_export_to_file($options['ssl']['peer_certificate'], 'file to save to');
    }
   }
}

So, we create a stream context, set the capture_peer_cert option to true (this is the purpose), and connect to throught tls protocol to that host. (TLS is the newer SSL). After rerieving the data, will use the openssl functions to save it to a x509 compatible format (PEM).

In case u need to test an already saved certificat for date expiry, you can use this :

$keyinfo = openssl_x509_parse(file_get_contents($filename));
var_dump($keyinfo['validTo']);

The date is in the YYMMDDHHMMSS format.

Of course you need the OpenSSL extension, and the SSL/TLS Registered Stream Socket Transports

PHP Tutorials