PHP Function OpenSSL X509 Fingerprint

php function openssl_x509_fingerprint checks for a given certificate fingerprint.

New functions have been added to generate, extract and verify signed public key and challenges (SPKAC). openssl_spki_new(), openssl_spki_verify() and openssl_spki_export_challenge() are used to create, verify and export the PEM formatted RSA private key and associated challenge from an SPKAC. The openSSL_pkcs12_read() function parses the PKCS#12 file to return an array of certificates.

The default ciphers used by PHP have been updated to a more secure list based on the >> Mozilla cipher recommendations with two additional exclusions: anonymous Diffie-Hellman ciphers and RC4. The OPENSSL_DEFAULT_STREAM_CIPHERS context option can be set to control this, and an honor_cipher_order SSL context option has been added to allow encrypted stream servers to mitigate BEAST vulnerabilities.

The OPENSSL_DEFAULT_PRIVATE_KEYS context option allows the selection of a key pair to use for ECDH cipher suites, thereby improving forward secrecy. The OPENSSL_DEFAULT_PADDING context option has been changed to accept a bitmask enumerating the possible values of the padding for X509 certificates; previously it accepted only OPENSSL_PKCS1_PADDING or OPENSSL_NO_PADDING. The OPENSSL_SECURE_SIGNERS context option has been removed; the default ciphers for an SSL/TLS connection are now controlled by the ssl_client_ciphers context variable instead. Various other minor improvements have also been made. For a full list see the changelog.

Andreas Behr - CTO of DesertCoderz
You are a developer and looking for Shopware projects?
Apply Now!

openssl_x509_fingerprint example

$pin = openssl_pkey_get_public($h);
        $pin = openssl_pkey_get_details($pin)['key'];
        $pin = \array_slice(explode("\n", $pin), 1, -2);
        $pin = base64_decode(implode('', $pin));
        $pin = base64_encode(hash('sha256', $pin, true));

        $a += [
            'subject' => new EnumStub(array_intersect_key($info['subject']['organizationName' => true, 'commonName' => true])),
            'issuer' => new EnumStub(array_intersect_key($info['issuer']['organizationName' => true, 'commonName' => true])),
            'expiry' => new ConstStub(date(\DateTimeInterface::ISO8601, $info['validTo_time_t'])$info['validTo_time_t']),
            'fingerprint' => new EnumStub([
                'md5' => new ConstStub(wordwrap(strtoupper(openssl_x509_fingerprint($h, 'md5')), 2, ':', true)),
                'sha1' => new ConstStub(wordwrap(strtoupper(openssl_x509_fingerprint($h, 'sha1')), 2, ':', true)),
                'sha256' => new ConstStub(wordwrap(strtoupper(openssl_x509_fingerprint($h, 'sha256')), 2, ':', true)),
                'pin-sha256' => new ConstStub($pin),
            ]),
        ];

        return $a;
    }
}
$pin = openssl_pkey_get_public($h);
        $pin = openssl_pkey_get_details($pin)['key'];
        $pin = \array_slice(explode("\n", $pin), 1, -2);
        $pin = base64_decode(implode('', $pin));
        $pin = base64_encode(hash('sha256', $pin, true));

        $a += [
            'subject' => new EnumStub(array_intersect_key($info['subject']['organizationName' => true, 'commonName' => true])),
            'issuer' => new EnumStub(array_intersect_key($info['issuer']['organizationName' => true, 'commonName' => true])),
            'expiry' => new ConstStub(date(\DateTimeInterface::ISO8601, $info['validTo_time_t'])$info['validTo_time_t']),
            'fingerprint' => new EnumStub([
                'md5' => new ConstStub(wordwrap(strtoupper(openssl_x509_fingerprint($h, 'md5')), 2, ':', true)),
                'sha1' => new ConstStub(wordwrap(strtoupper(openssl_x509_fingerprint($h, 'sha1')), 2, ':', true)),
                'sha256' => new ConstStub(wordwrap(strtoupper(openssl_x509_fingerprint($h, 'sha256')), 2, ':', true)),
                'pin-sha256' => new ConstStub($pin),
            ]),
        ];

        return $a;
    }
}
Home | Imprint | This part of the site doesn't use cookies.