I've been looking in PHP.net's manual for the openssl functions, but it seems that there is very little information on the said functions. I've tried posting on mailing lists for some help but I haven't been receiving fruitful responses. Some even told me that it is very difficult to find a great deal of information on client authentication, simply because 99% of SSL implementations are only concerned with authenticating the server.

I have an idea but I couldn't implement it because there are things that I wanted to know first. Is there a way I can get or reference the certificate submitted by the client when they connect to the server? I looked at the openssl_x509_read() function, and the manual says that openssl_x509_read() parses the certificate supplied by x509certdata and returns a resource identifier for it. However, I'm wondering what this x509certdata is, or how I would assign the client's certificate to it. I've seen some examples, but they all point to a definite path on the hard disk and not to a remote connection. I was thinking of something like pg_connect() in postgres or ldap_connect, where you get a resource that you can later use for processing.

For instance, in this example they say that $data and $signature are assumed to contain the data and the signature, but I couldn't find the docs or an explanation of how to get $data and $signature.

    // fetch public key from certificate and ready it
    $fp = fopen("/src/openssl-0.9.6/demos/sign/cert.pem", "r");
    $cert = fread($fp, 8192);
    fclose($fp);
    $pubkeyid = openssl_get_publickey($cert);

    // state whether signature is okay or not
    $ok = openssl_verify($data, $signature, $pubkeyid);
    if ($ok == 1)
        echo "good";
    elseif ($ok == 0)
        echo "bad";
    else
        echo "ugly, error checking signature";

    // free the key from memory
    openssl_free_key($pubkeyid);

Maybe I just overlooked it or, most likely, I just couldn't understand it, but one thing is for sure: I'm really, really lost. But I have a feeling that this openssl_x509_xxx set of functions is the answer, so if only I can find more elaborate information on this (not like on http://www.php.net/manual/en/function.openssl-x509-read.php which, of course, doesn't contain much), I think I can pull this off.

Please help me.

Happy Thanksgiving,
Richard

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
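
An added example, not part of the original post or of PHP's documentation: one way to obtain the x509certdata the question asks about, assuming PHP runs under Apache mod_ssl configured with SSLVerifyClient require and SSLOptions +ExportCertData, so that the server exports the client's certificate as PEM text in SSL_CLIENT_CERT. The function names client_cert_identity and constructed_client_pem and the name richard.example are hypothetical; the self-signed certificate is constructed so the script also runs from the command line.

```php
<?php
// Added example (PHP 7.1+). Assumes Apache mod_ssl with "SSLVerifyClient require"
// and "SSLOptions +ExportCertData", which place the handshake result in $_SERVER.

/** Return identity fields of the verified client certificate, or null. */
function client_cert_identity(array $server): ?array
{
    // mod_ssl sets SSL_CLIENT_VERIFY to NONE, SUCCESS, GENEROUS or FAILED:reason.
    // Only SUCCESS means the chain was validated against the configured CA,
    // so everything else is rejected before the certificate is even parsed.
    if (($server['SSL_CLIENT_VERIFY'] ?? 'NONE') !== 'SUCCESS') {
        return null;
    }
    // PEM text of the client certificate: this is the "x509certdata" argument.
    $cert = openssl_x509_read($server['SSL_CLIENT_CERT'] ?? '');
    if ($cert === false) {
        return null;
    }
    $info = openssl_x509_parse($cert);
    if ($info === false) {
        return null;
    }
    return [
        'cn'        => $info['subject']['CN'] ?? null,
        'issuer_cn' => $info['issuer']['CN'] ?? null,
        'serial'    => $info['serialNumber'],
        'not_after' => $info['validTo_time_t'],
    ];
}

// Constructed input: a throwaway self-signed certificate stands in for the
// PEM text the web server would export for a real client.
function constructed_client_pem(string $cn): string
{
    $key = openssl_pkey_new(['private_key_bits' => 2048,
                             'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    $csr = openssl_csr_new(['commonName' => $cn], $key, ['digest_alg' => 'sha256']);
    $crt = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']);
    openssl_x509_export($crt, $pem);
    return $pem;
}

$pem = constructed_client_pem('richard.example');
var_dump(client_cert_identity(['SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_CERT' => $pem]));
var_dump(client_cert_identity(['SSL_CLIENT_VERIFY' => 'NONE', 'SSL_CLIENT_CERT' => $pem]));
```

In a web request the function would be called as client_cert_identity($_SERVER); the returned fields are trustworthy only because the web server has already validated the chain, since parsing a certificate does not verify it.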