Beispiel #1
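 /**
  * Check the peer certificate captured on the target socket: subject name
  * first, then the local revocation list.
  *
  * The certificate is read from the "ssl" / "peer_certificate" stream context
  * option, exported to PEM and parsed with File_X509. Every failure path
  * (no certificate, export or parse failure, name mismatch, unreadable
  * revocation list, revoked serial) prints an error and returns false, so the
  * check fails closed.
  *
  * Limits of the name check, kept as in the original logic: only the last RDN
  * of the subject DN is compared, only when it is encoded as a printableString,
  * and the comparison is exact. subjectAltName entries are not consulted.
  *
  * NOTE(review): nothing in this method validates the certificate chain or
  * its validity period; presumably that is left to the TLS layer (verify_peer
  * on the stream context) - confirm where the context is created.
  *
  * @return bool true only when the name matches and the serial is not listed
  */
 function checkCertificate()
 {
     $this->printLn("Verify the certificate");
     $option = stream_context_get_options($this->target_socket);
     // empty() keeps the original truthiness test but does not raise a notice
     // when the "ssl" or "peer_certificate" key is absent.
     if (empty($option["ssl"]["peer_certificate"])) {
         $this->printLn("Error : untransmitted certificate");
         return false;
     }

     $certificate = "";
     if (!openssl_x509_export($option["ssl"]["peer_certificate"], $certificate)) {
         $this->printLn("Error : unable to export the certificate");
         return false;
     }

     $x509 = new File_X509();
     $cert = $x509->loadX509($certificate);
     $dn = $x509->getSubjectDN();
     // Reject anything that did not parse into the structures read below,
     // instead of indexing into a non-array result.
     if (!is_array($cert)
         || !is_array($dn)
         || empty($dn["rdnSequence"])
         || !isset($cert['tbsCertificate']['serialNumber'])
     ) {
         $this->printLn("Error : unable to parse the certificate");
         return false;
     }

     $rdn = array_pop($dn["rdnSequence"]);
     // target_host may carry a ":port" suffix; only the part before it is compared.
     $host = explode(":", $this->target_host);
     $subject_name = isset($rdn[0]["value"]["printableString"])
         ? $rdn[0]["value"]["printableString"]
         : null;
     if ($subject_name !== $host[0]) {
         $this->printLn("Error : the server name does not match that of the certificate");
         return false;
     }

     $serial = strtoupper($cert['tbsCertificate']['serialNumber']->toHex());
     $revocation = file($this->revocation, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
     // An unreadable list must not be treated as "nothing is revoked".
     if ($revocation === false) {
         $this->printLn("Error : unable to read the revocation list");
         return false;
     }
     // Normalise each entry so CRLF endings, a last line without a newline,
     // stray whitespace or lower-case hex cannot hide a revoked serial.
     $revoked = array_map('strtoupper', array_map('trim', $revocation));
     if (in_array($serial, $revoked, true)) {
         $this->printLn("Error : revoked certificate");
         return false;
     }
     return true;
 }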