PHP Function OpenSSL X509 Fingerprint
The PHP function openssl_x509_fingerprint() checks for a given certificate fingerprint.
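The following is an added example, not code from the original page: it computes a SHA-256 fingerprint with openssl_x509_fingerprint(), shows that the value is the digest of the certificate's DER encoding, and checks a certificate against a pinned fingerprint with a constant-time comparison. The helper names pemToDer() and certMatchesPin() and the example.test certificate are constructed for illustration, and key generation assumes a working openssl.cnf.

```php
<?php
// Added example (not from the original page); helper names are hypothetical.

// Decode the base64 body of a PEM certificate to its raw DER bytes.
function pemToDer(string $pem): string
{
    if (!preg_match('/-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----/s', $pem, $m)) {
        throw new InvalidArgumentException('no PEM certificate found');
    }
    $der = base64_decode(preg_replace('/\s+/', '', $m[1]), true);
    if ($der === false) {
        throw new InvalidArgumentException('invalid base64 in PEM body');
    }
    return $der;
}

// Check a certificate against a pinned SHA-256 fingerprint (hex, colons optional).
function certMatchesPin(string $pem, string $pinnedSha256Hex): bool
{
    $actual = openssl_x509_fingerprint($pem, 'sha256');
    if ($actual === false) {
        return false; // an unparsable certificate never matches
    }
    $expected = strtolower(str_replace([':', ' '], '', $pinnedSha256Hex));
    // hash_equals() compares in constant time.
    return hash_equals($expected, strtolower($actual));
}

// Constructed sample input: a throwaway self-signed certificate.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
if ($key === false) {
    exit("key generation failed: " . openssl_error_string() . "\n");
}
$csr = openssl_csr_new(['commonName' => 'example.test'], $key, ['digest_alg' => 'sha256']);
$x509 = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']);
if ($x509 === false || !openssl_x509_export($x509, $pem)) {
    exit("certificate generation failed: " . openssl_error_string() . "\n");
}

$fp = openssl_x509_fingerprint($pem, 'sha256');
// The fingerprint is the digest of the DER encoding of the whole certificate.
printf("fingerprint equals sha256(DER): %s\n", var_export($fp === hash('sha256', pemToDer($pem)), true));
$pin = strtoupper(implode(':', str_split($fp, 2)));
printf("pin: %s\n", $pin);
printf("matches own pin: %s\n", var_export(certMatchesPin($pem, $pin), true));
printf("matches all-zero pin: %s\n", var_export(certMatchesPin($pem, str_repeat('00', 32)), true));
```

Because the digest covers the whole certificate, a pin taken this way stops matching whenever the certificate is reissued, even if the key pair is unchanged.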
New functions have been added to generate, extract and verify signed public key and challenge (SPKAC) data. openssl_spki_new(), openssl_spki_verify() and openssl_spki_export_challenge() are used to create, verify and export the PEM-formatted RSA private key and associated challenge from an SPKAC. The openssl_pkcs12_read() function parses the PKCS#12 file to return an array of certificates.
The default ciphers used by PHP have been updated to a more secure list based on the Mozilla cipher recommendations with two additional exclusions: anonymous Diffie-Hellman ciphers and RC4. The OPENSSL_DEFAULT_STREAM_CIPHERS context option can be set to control this, and an honor_cipher_order SSL context option has been added to allow encrypted stream servers to mitigate BEAST vulnerabilities.
The OPENSSL_DEFAULT_PRIVATE_KEYS context option allows the selection of a key pair to use for ECDH cipher suites, thereby improving forward secrecy. The OPENSSL_DEFAULT_PADDING context option has been changed to accept a bitmask enumerating the possible values of the padding for X509 certificates; previously it accepted only OPENSSL_PKCS1_PADDING or OPENSSL_NO_PADDING. The OPENSSL_SECURE_SIGNERS context option has been removed; the default ciphers for an SSL/TLS connection are now controlled by the ssl_client_ciphers context variable instead. Various other minor improvements have also been made. For a full list see the changelog.