I'm trying to connect to a third party API and I'm using the Zend 1.7.0 framework to access it. To authenticate, I have to first check an SSL certificate returned from a URL. This is what I'm doing in my code.
```php
$client = new Zend_Http_Client($url);
$response = $client->request('GET');
```
The response is always OK, and when I navigate to '$url' I can see the certificate if I click on the lock in the bottom right corner of my browser window.
Is there a way to access the certificate's owner, expiration date and other properties via the response object? Do I have to do anything special to the request before sending it to obtain the information about the certificate?
I don't think it's possible with the standard connection adaptor that Zend_Http_Client uses. I did a bit of digging and it looks like the adaptor uses fsockopen, which pretty much hides what you're looking for. The way to do it is to open the socket yourself and get the certificate first:
```php
$url = 'mail.google.com'; // For example
$context = stream_context_create();
// Keep the server certificate from the TLS handshake in the context options
$res = stream_context_set_option($context, 'ssl', 'capture_peer_cert', true);
// Check that the certificate matches the host name we connect to
$res = stream_context_set_option($context, 'ssl', 'verify_peer_name', true);
if ($socket = stream_socket_client("tls://$url:443/", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context)) {
    if ($options = stream_context_get_options($context)) {
        if (isset($options['ssl']) && isset($options['ssl']['peer_certificate'])) {
            // Parse the captured certificate into an array (subject, issuer, validity, ...)
            $keyinfo = openssl_x509_parse($options['ssl']['peer_certificate']);
            var_dump($keyinfo);
        }
    }
    fclose($socket);
}
```
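As an added example (not part of the original answer), this shows how the owner, expiration date and other properties the question asks about can be read from the certificate captured above, and how it can be compared with a fingerprint the API provider supplies. The function names `summarize_peer_cert` and `cert_matches_pin` are hypothetical, PHP 7 or later with the openssl extension is assumed, and the certificate is a constructed self-signed sample so the code runs offline.

```php
<?php
// Added example (not from the original answer); function names are hypothetical.

// Reduce a captured peer certificate to owner, validity and identity fields.
function summarize_peer_cert($cert, int $now): array
{
    $info = openssl_x509_parse($cert);
    if ($info === false) {
        throw new RuntimeException('Could not parse certificate');
    }
    // subjectAltName is one string, e.g. "DNS:a.example, DNS:b.example"
    $dnsNames = [];
    foreach (explode(',', $info['extensions']['subjectAltName'] ?? '') as $entry) {
        $entry = trim($entry);
        if (strncmp($entry, 'DNS:', 4) === 0) {
            $dnsNames[] = substr($entry, 4);
        }
    }
    return [
        'owner'         => $info['subject']['CN'] ?? null,
        'issuer'        => $info['issuer']['CN'] ?? null,
        'not_before'    => gmdate('c', $info['validFrom_time_t']),
        'not_after'     => gmdate('c', $info['validTo_time_t']),
        'expired'       => $now > $info['validTo_time_t'],
        'not_yet_valid' => $now < $info['validFrom_time_t'],
        'dns_names'     => $dnsNames,
        'sha256'        => (string) openssl_x509_fingerprint($cert, 'sha256'),
    ];
}

// Compare against a fingerprint obtained out of band from the API provider.
function cert_matches_pin($cert, string $expectedSha256): bool
{
    $expected = strtolower(str_replace(':', '', $expectedSha256));
    return hash_equals($expected, (string) openssl_x509_fingerprint($cert, 'sha256'));
}

// Constructed sample input: a throwaway self-signed certificate so the example
// runs offline. In real use, pass $options['ssl']['peer_certificate'] instead.
$key  = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$csr  = openssl_csr_new(['commonName' => 'api.example.test'], $key, ['digest_alg' => 'sha256']);
$cert = openssl_csr_sign($csr, null, $key, 30, ['digest_alg' => 'sha256']);

$summary = summarize_peer_cert($cert, time());
print_r($summary);
var_dump(cert_matches_pin($cert, $summary['sha256']));  // pin taken from this certificate
var_dump(cert_matches_pin($cert, str_repeat('0', 64))); // a pin for some other certificate
```

Reading these fields does not authenticate the server by itself; keep `verify_peer` and `verify_peer_name` enabled on the context so the chain and host name are checked during the handshake.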