I've been looking on PHP.net's manual for openssl functions but it
seems that they have very little information on the said functions. I've
tried posting on mailing lists for some help but I haven't been receiving
fruitful responses. Some even told me that it is very difficult to find a
great deal of information on client authentication, simply because 99% of
SSL implementations are only concerned with authenticating the server.

I have an idea but I couldn't implement it because there are things
that I wanted to know first.

Is there a way I can get or reference the certificate
submitted by the client when they connect to the server? Because I looked
at the openssl_x509_read() function and the manual says that
openssl_x509_read() parses the certificate supplied by x509certdata and
returns a resource identifier for it. However, I'm wondering what this
x509certdata is or how I would assign the client's certificate to this.
I've seen some examples but they all point to a definite path on the hard
disk and not by remote connection.

I was thinking of something like pg_connect() in postgres or
ldap_connect where you get the resource that you can later use for
processing.

Because like in this example, they say that $data and $signature are
assumed to contain the data and the signature but I couldn't find the docs
nor an explanation on how to get $data and $signature.

 // fetch public key from certificate and ready it
 $fp = fopen("/src/openssl-0.9.6/demos/sign/cert.pem", "r");
 $cert = fread($fp, 8192);
 fclose($fp);
 $pubkeyid = openssl_get_publickey($cert);

 // state whether signature is okay or not
 $ok = openssl_verify($data, $signature, $pubkeyid);
 if ($ok == 1)
     echo "good";
 elseif ($ok == 0)
     echo "bad";
 else
     echo "ugly, error checking signature";

 // free the key from memory
 openssl_free_key($pubkeyid);

Maybe I just overlooked it or, most likely, I just couldn't
understand it, but one thing is for sure: I'm really, really lost.

But I have a feeling that the openssl_x509_xxx set of
functions are the answer, so if only I can find more elaborate information
on this (not like on
http://www.php.net/manual/en/function.openssl-x509-read.php
which of course doesn't contain much), I think I can pull this off.

            Please help me.

Happy Thanksgiving,
 Richard
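
An added example, not part of the original post: when the web server terminates TLS, the client certificate reaches PHP as PEM text, and that string is what openssl_x509_read() takes as x509certdata. The sketch assumes Apache mod_ssl with "SSLVerifyClient require" and "SSLOptions +ExportCertData" (which set SSL_CLIENT_VERIFY and SSL_CLIENT_CERT), and assumes the client sends $data and $signature in the request; verified_client_cn() is a hypothetical helper name, and the certificate is a constructed self-signed sample.

```php
<?php
// Added example. Server-variable names assume Apache mod_ssl with
// "SSLVerifyClient require" and "SSLOptions +ExportCertData".

// Returns the certificate's subject CN only if the TLS layer verified the
// client certificate AND $signature is valid over $data for its public key.
function verified_client_cn(array $server, string $data, string $signature): ?string
{
    // mod_ssl validates the chain during the handshake; reject anything else.
    if (($server['SSL_CLIENT_VERIFY'] ?? 'NONE') !== 'SUCCESS') {
        return null;
    }
    // x509certdata is simply the PEM text of the certificate.
    $pem = $server['SSL_CLIENT_CERT'] ?? '';
    $cert = ($pem === '') ? false : openssl_x509_read($pem);
    if ($cert === false) {
        return null;
    }
    $pubkey = openssl_pkey_get_public($cert);
    if ($pubkey === false) {
        return null;
    }
    // openssl_verify() returns 1 (valid), 0 (invalid) or -1 (error).
    // Compare strictly against 1 so an error is never treated as success.
    if (openssl_verify($data, $signature, $pubkey, OPENSSL_ALGO_SHA256) !== 1) {
        return null;
    }
    $info = openssl_x509_parse($cert);
    return $info['subject']['CN'] ?? null;
}

// Constructed sample input: a throwaway self-signed certificate stands in
// for what mod_ssl would export for a real client.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$csr = openssl_csr_new(['commonName' => 'richard.example'], $key, ['digest_alg' => 'sha256']);
$x509 = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']);
openssl_x509_export($x509, $pem);

$data = 'message the client signed';
openssl_sign($data, $signature, $key, OPENSSL_ALGO_SHA256);

$server = ['SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_CERT' => $pem];
var_dump(verified_client_cn($server, $data, $signature));        // valid signature
var_dump(verified_client_cn($server, $data . 'x', $signature));  // tampered data
$server['SSL_CLIENT_VERIFY'] = 'NONE';
var_dump(verified_client_cn($server, $data, $signature));        // cert not verified by TLS
```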





-- 
PHP General Mailing List (http://www.php.net/)