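/**
 * Verify the peer certificate captured on the target socket.
 *
 * Two checks are made: the value of the last RDN of the certificate subject
 * must equal the host part of $this->target_host, and the certificate serial
 * number must not appear in the revocation file $this->revocation
 * (one hexadecimal serial per line).
 *
 * Every failure path returns false. This includes an unreadable revocation
 * file: a revocation check that cannot be carried out must not be treated
 * as "not revoked".
 *
 * @return bool true when both checks pass, false otherwise
 */
function checkCertificate()
{
    $this->printLn("Verify the certificate");
    $path_revocation = $this->revocation;
    $certificate = "";
    $option = stream_context_get_options($this->target_socket);

    // empty() also covers a context with no "ssl" / "peer_certificate" key,
    // which would otherwise raise an undefined-index notice.
    if (empty($option["ssl"]["peer_certificate"])) {
        $this->printLn("Error : untransmitted certificate");
        return false;
    }

    $peer_certificate = $option["ssl"]["peer_certificate"];
    if (!openssl_x509_export($peer_certificate, $certificate)) {
        $this->printLn("Error : unreadable certificate");
        return false;
    }

    $x509 = new File_X509();
    $cert = $x509->loadX509($certificate);
    if ($cert === false) {
        // A certificate that cannot be parsed cannot be verified: reject it.
        $this->printLn("Error : unreadable certificate");
        return false;
    }

    // Name check: only the last RDN of the subject is compared.
    // NOTE(review): subjectAltName is not consulted and only the
    // printableString encoding is accepted; any other encoding is rejected
    // as a mismatch. Confirm this matches the certificates in use.
    $dn = $x509->getSubjectDN();
    $rdn = (is_array($dn) && !empty($dn["rdnSequence"])) ? array_pop($dn["rdnSequence"]) : null;
    $host = explode(":", $this->target_host);
    if (!isset($rdn[0]["value"]["printableString"])
        || $rdn[0]["value"]["printableString"] !== $host[0]
    ) {
        $this->printLn("Error : the server name does not match that of the certificate");
        return false;
    }

    $serial = strtoupper($cert['tbsCertificate']['serialNumber']->toHex());

    // Fail closed when the revocation list is missing or unreadable instead
    // of passing a non-array to the membership test.
    $revocation = false;
    if (is_file((string) $path_revocation) && is_readable((string) $path_revocation)) {
        $revocation = file($path_revocation, FILE_IGNORE_NEW_LINES);
    }
    if ($revocation === false) {
        $this->printLn("Error : unreadable revocation list");
        return false;
    }

    // Normalise every entry so that a CRLF line ending, a final line without
    // a newline, surrounding blanks or lower-case hex cannot hide a revoked
    // serial from the comparison.
    foreach ($revocation as $entry) {
        if (strtoupper(trim($entry)) === $serial) {
            $this->printLn("Error : revoked certificate");
            return false;
        }
    }

    return true;
}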