@datibbaw
Last active August 29, 2015 14:04
openssl_x509_fingerprint() and context option

### SSL context option

  • peer_fingerprint: string|array

Aborts when the peer certificate's fingerprint doesn't match the given hash. The behaviour depends on the type of the value passed:

  • When a string is passed, its length selects the hashing algorithm: MD5 (32) or SHA1 (40).
  • When an array is passed, the key determines the algorithm (e.g. "sha256") and the corresponding value is the hash to compare against.

For example:

```php
'peer_fingerprint' => '12341234abcdefab12341234abcdefab' // MD5 hash used
```

Or:

```php
'peer_fingerprint' => ['sha256' => '12341234abcdefab12341234abcdefab...'] // SHA256 hash used
```

### Function

```php
openssl_x509_fingerprint(mixed $x509 [, string $algorithm = 'sha1' [, bool $raw_output = false ]])
```

Description: Calculates the fingerprint, or digest, of a given X.509 certificate.

Arguments:

  • x509: The examined certificate.
  • algorithm: The hash algorithm to use, e.g. "md5" or "sha1".
  • raw_output: When set to TRUE, outputs raw binary data. FALSE outputs lowercase hexits.

Return values:

Returns a string containing the calculated certificate fingerprint as lowercase hexits, unless raw_output is set to true, in which case the raw binary representation of the message digest is returned.

Returns FALSE on failure.
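
The matching rules described for `peer_fingerprint`, written out in userland on top of `openssl_x509_fingerprint()`. This is an added example, not code from the gist or from PHP itself: `check_peer_fingerprint()` is a hypothetical helper, the certificate is a throwaway one generated inline, and the openssl extension with a usable OpenSSL config is assumed.

```php
<?php
// Added example. check_peer_fingerprint() is a hypothetical helper, not part of PHP.
function check_peer_fingerprint($cert, $expected): bool
{
    if (is_string($expected)) {
        // String form: the length selects the algorithm (32 => MD5, 40 => SHA1).
        $byLength = [32 => 'md5', 40 => 'sha1'];
        $len = strlen($expected);
        if (!isset($byLength[$len])) {
            return false; // unrecognised length: refuse rather than guess
        }
        $expected = [$byLength[$len] => $expected];
    }
    if (!is_array($expected) || count($expected) !== 1) {
        return false;
    }
    // Array form: the key names the algorithm, the value is the expected digest.
    $want = strtolower((string) reset($expected));
    $algo = (string) key($expected);
    $have = openssl_x509_fingerprint($cert, $algo);
    // FALSE (e.g. unknown algorithm) must never be treated as a match.
    return $have !== false && hash_equals($have, $want);
}

// Constructed sample input: a throwaway self-signed certificate.
$key  = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$csr  = openssl_csr_new(['commonName' => 'example.test'], $key, ['digest_alg' => 'sha256']);
$cert = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']);

$sha1   = openssl_x509_fingerprint($cert);           // default algorithm is sha1
$sha256 = openssl_x509_fingerprint($cert, 'sha256');

var_dump(check_peer_fingerprint($cert, $sha1));                             // string form, 40 chars
var_dump(check_peer_fingerprint($cert, ['sha256' => $sha256]));             // array form
var_dump(check_peer_fingerprint($cert, ['sha256' => str_repeat('0', 64)])); // wrong digest
var_dump(check_peer_fingerprint($cert, substr($sha256, 0, 20)));            // unsupported length

// The same pin expressed as the context option, for use with a TLS stream.
$ctx = stream_context_create(['ssl' => ['peer_fingerprint' => ['sha256' => $sha256]]]);
```

The array form is the only way to pin with an algorithm other than MD5 or SHA1, since the string form infers the algorithm from the length alone.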
