Documentation

TlsHelper

Tags
author

Chris Smith <chris@cs278.org>

Table of Contents

checkCertificateHost()  : bool
Match hostname against a certificate.
getCertificateFingerprint()  : mixed
Get the certificate pin.
getCertificateNames()  : array<string|int, mixed>|null
Extract DNS names out of an X.509 certificate.
isOpensslParseSafe()  : bool
Test if it is safe to use the PHP function openssl_x509_parse().
certNameMatcher()  : callable|void
Convert certificate name into matching function.

Methods

checkCertificateHost()

Match hostname against a certificate.

public static checkCertificateHost(mixed $certificate, string $hostname[, string &$cn = null ]) : bool
Parameters
$certificate : mixed

X.509 certificate

$hostname : string

Hostname in the URL

$cn : string = null

Set to the common name of the certificate if and only if a match is found

Return values
bool

getCertificateFingerprint()

Get the certificate pin.

public static getCertificateFingerprint(mixed $certificate) : mixed

By Kevin McArthur of StormTide Digital Studios Inc.
@KevinSMcArthur / https://github.com/StormTide

See http://tools.ietf.org/html/draft-ietf-websec-key-pinning-02

This method was adapted from Sslurp. https://github.com/EvanDotPro/Sslurp

(c) Evan Coury <me@evancoury.com>

For the full copyright and license information, please see below:

Copyright (c) 2013, Evan Coury All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice,
  this list of conditions and the following disclaimer.

* Redistributions in binary form must reproduce the above copyright notice,
  this list of conditions and the following disclaimer in the documentation
  and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Parameters
$certificate : mixed

Return values
mixed

getCertificateNames()

Extract DNS names out of an X.509 certificate.

public static getCertificateNames(mixed $certificate) : array<string|int, mixed>|null
Parameters
$certificate : mixed

X.509 certificate

Return values
array<string|int, mixed>|null

isOpensslParseSafe()

Test if it is safe to use the PHP function openssl_x509_parse().

public static isOpensslParseSafe() : bool

This checks whether the OpenSSL extension is vulnerable to the remote code execution issue documented as CVE-2013-6420.

Return values
bool

certNameMatcher()

Convert certificate name into matching function.

private static certNameMatcher(string $certName) : callable|void
Parameters
$certName : string

CN/SAN

Return values
callable|void
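
How a certificate name (CN/SAN) can be converted into a matching function and applied to a hostname, as an added example that is not the project's own code. The names matcherFor() and firstMatchingName() are hypothetical, and the wildcard rules used here (a single wildcard, as the whole leftmost label, with at least three labels in the name) are an assumption of this example.

```php
<?php
// Added example; matcherFor() and firstMatchingName() are hypothetical names.

/** Turn one certificate DNS name (CN or SAN) into a hostname predicate, or null if unusable. */
function matcherFor(string $certName): ?callable
{
    $certName = strtolower($certName);
    $wildcards = substr_count($certName, '*');

    if ($wildcards === 0) {
        // Literal name: exact, case-insensitive comparison.
        return static fn (string $host): bool => strtolower($host) === $certName;
    }

    $labels = explode('.', $certName);
    // Assumption: accept one wildcard only, as the entire leftmost label, with at
    // least two labels after it. "*.org", "a.*.example.org" and "w*.example.org"
    // therefore produce no matcher at all.
    if ($wildcards !== 1 || $labels[0] !== '*' || count($labels) < 3) {
        return null;
    }

    // The wildcard stands for exactly one non-empty label: it never crosses a dot.
    $regex = '/^' . str_replace('\*', '[a-z0-9-]+', preg_quote($certName, '/')) . '$/';

    return static fn (string $host): bool => preg_match($regex, strtolower($host)) === 1;
}

/** Return the first certificate name that matches $hostname, or null when none does. */
function firstMatchingName(array $certNames, string $hostname): ?string
{
    foreach ($certNames as $name) {
        $matches = matcherFor($name);
        if ($matches !== null && $matches($hostname)) {
            return $name;
        }
    }
    return null;
}

// Constructed sample names, as they might be read from a certificate's CN and SAN.
$names = ['example.org', '*.example.org', '*.org'];

var_dump(firstMatchingName($names, 'www.example.org')); // one label under the wildcard
var_dump(firstMatchingName($names, 'a.b.example.org')); // two labels under the wildcard
var_dump(firstMatchingName($names, 'evil.org'));        // covered only by the over-broad "*.org"
```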
