PHP uses the socket to get the SSL certificate of the website and the public key sample code

Socket (Computer professional terminology)

The two programs on the network realize the exchange of data through a two-way communication connection, one end of this connection is called a socket.

Establish a network communication connection with at least a pair of port numbers (sockets). Socket is the nature of the programming Interface (API), TCP/IP encapsulation, TCP/IP also to provide the interface for programmers to do network development, this is the socket programming interface; HTTP is a sedan that provides a specific form of encapsulation or display of data; The socket is the engine that provides the ability to communicate over the network.

The English literal of the socket is "hole" or "socket". As the BSD UNIX process communication mechanism, take the latter one meaning. Often also referred to as a "socket," which describes IP addresses and ports, is a handle to a communication chain that can be used to communicate between different virtual machines or different computers. Hosts on the internet typically run multiple service software, while providing several services. Each service opens a socket and binds to a port, and the different ports correspond to different services. The socket is like a porous socket, as its English intended. A host is like a room full of various sockets, each outlet has a number, some sockets provide 220 vac, some provide 110 volts AC, some provide cable TV programs. Customer software plug into different numbered sockets, you can get different services.

This article mainly introduces the use of PHP socket to obtain the SSL certificate and public key information, the text gives a detailed sample code for everyone to reference the study, for everyone has a certain reference learning value, the need for friends below to see it together.

Requesting a Web page from Php Curl does not obtain the certificate information, and the certificate content needs to be obtained using an SSL socket. Here is a look at the detailed introduction:

Example code:

Create Stream context$context = Stream_context_create ([' ssl ' = ' =  ' capture_peer_cert ' + ' = True  ' Capture_ Peer_cert_chain ' = (true,],]); $resource = Stream_socket_client ("ssl://$domain: $port", $errno, $errstr,, Stream_client_connect, $context); $cert Stream_context_get_params ($resource); $ssl = $cert [' Options '] [' SSL ']; $resource = $ssl [' peer_certificate ']; The website certificate only has the public key, the public key is exported through the openssl_pkey_get_details $ret = [' crt ' = ', ' pub ' = = ',]; $pkey = Openssl_pkey_get_public ($resource), $ret [' pub '] = Openssl_pkey_get_details ($pkey) [' Key ']; Openssl_x509_export ($resource, $PEM); $ret [' crt '] = $PEM;  foreach ($ssl [' Peer_certificate_chain '] as $resource) {Openssl_x509_export ($resource, $PEM); $ret [' crt ']. = "\ n". $pem;} Save $ret [' CRT '] for domain.crt//save $ret [' Pub '] for domain.pub return $ret;

Verify that public key A is correct in the certificate, export public key B through the private key, and compare the two findings.

$domain = ' blog.zhengxianjun.com '; $port = ' 443 ';//... $pub _a = $ret [' Pub ']; $private _key_path = '/conf/ssl/blog.zhengxianjun.com.key '; The certificate does not have a password set, $passphrase an empty string $pkey = Openssl_pkey_get_private (file_get_content ($private _key_path), $passphrase = "); $pub _b = openssl_pkey_get_details ($pkey) [' Key ']; The two are consistent var_dump ($pub _a = = = $pub _b);

The function stream_socket_client also has a purpose of obtaining a domain name that can be used by the server when the server IP is known.

$resource = Stream_socket_client ("ssl://$ip: $port", $errno, $errstr,, Stream_client_connect, $context); $cert Stream_context_get_params ($resource); Parse the certificate of $info = Openssl_x509_parse ($cert [' Options '] [' SSL '] [' peer_certificate ']); Get the list of trusted domains in the certificate $domain = Str_replace (' DNS: ', ' ', $info [' Extensions '] [' subjectaltname ']);

You can see that obtaining a Web site certificate does not obtain a private key.

In some sites that use CDN, if you use HTTPS and want to use your own domain name, do you need to provide your private key to the CDN vendor? In fact, the certificate path does not need to be consistent with the user name (the domain name that supports HTTPS).

That is, you do not need to use your own SSL certificate when using your own domain name and CDN acceleration, just add your CDN domain name to the list of vendor certificates.