Fetch SSL cert data from a host and (crudely) validate it based on time/domain
<?php
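/**
 * Fetch SSL cert data from a host and (crudely) validate it based on time/domain
 *
 * Name matching is a simplified form of the usual TLS rules: the host is
 * compared case-insensitively against the DNS entries of subjectAltName when
 * the certificate has any, otherwise against the subject CN; a "*" label in a
 * certificate name matches exactly one host label ("*.example.com" matches
 * "www.example.com" but neither "a.b.example.com" nor "example.com"). A host
 * given as an IP literal is compared against the "IP Address" entries of
 * subjectAltName instead. Public-suffix rules and the position of the
 * wildcard label are not checked.
 *
 * Whether an untrusted, expired or misnamed certificate is reported in the
 * result or makes the connection fail (so that false is returned) depends on
 * the stream context's verify_peer / verify_peer_name options, which are left
 * to the caller via $sslStreamContextOptions; PHP 5.6+ enables them by default.
 *
 * @param string $host hostname, IPv4 or IPv6 literal (brackets optional)
 * @param int $timeout in seconds
 * @param int $port
 * @param array $sslStreamContextOptions options for the "ssl" stream context wrapper; capture_peer_cert is always forced on
 * @param int $socketClientErrNum set by stream_socket_client() when the connection fails
 * @param string $socketClientError set by stream_socket_client() when the connection fails
 * @param string $dateFormat date() format used for validFrom / validUntil
 * @return array|bool false when the openssl extension is unavailable, the connection
 *     (including the TLS handshake) fails, or the peer certificate cannot be parsed
 */
function fetch_ssl_cert($host,
                        $timeout = 1,
                        $port = 443,
                        array $sslStreamContextOptions = array(),
                        &$socketClientErrNum = null,
                        &$socketClientError = null,
                        $dateFormat = 'Y, M j, g:i A')
{
    if (! function_exists('openssl_x509_parse')) {
        return false;
    }
    $host = trim((string) $host, '[]');
    // An IPv6 literal has to be bracketed in the stream address.
    $address = (strpos($host, ':') !== false) ? "ssl://[$host]:$port" : "ssl://$host:$port";

    // capture_peer_cert exposes the leaf certificate through
    // stream_context_get_params() once the handshake has completed.
    $sslStreamContextOptions['capture_peer_cert'] = true;
    $ctx = stream_context_create(array("ssl" => $sslStreamContextOptions));
    $fp = stream_socket_client($address, $socketClientErrNum, $socketClientError, $timeout, STREAM_CLIENT_CONNECT, $ctx);
    if (! $fp) {
        return false;
    }
    $cont = stream_context_get_params($fp);
    fclose($fp);
    if (empty($cont['options']['ssl']['peer_certificate'])) {
        return false;
    }
    $cert_data = openssl_x509_parse($cont['options']['ssl']['peer_certificate']);
    if (! is_array($cert_data)) {
        return false;
    }

    $t = time();
    // openssl_x509_parse() yields an array for a repeated attribute; the first
    // CN is the one used for matching, the raw value is passed through as 'cn'.
    $cnRaw = isset($cert_data['subject']['CN']) ? $cert_data['subject']['CN'] : null;
    $cn = is_array($cnRaw) ? (string) reset($cnRaw) : $cnRaw;
    $san = isset($cert_data['extensions']['subjectAltName'])
        ? _fetch_ssl_cert_parse_san($cert_data['extensions']['subjectAltName'])
        : array('dns' => array(), 'ip' => array());

    return array(
        'isHostValid' => _fetch_ssl_cert_host_matches($host, $cn, $san['dns'], $san['ip']),
        // Validity bounds are inclusive (notBefore <= now <= notAfter).
        'isTimeValid' => ($t >= $cert_data['validFrom_time_t'] && $t <= $cert_data['validTo_time_t']),
        'secondsRemaining' => ($cert_data['validTo_time_t'] - $t),
        'cn' => $cnRaw,
        'cnAsPattern' => ($cn === null) ? null : _fetch_ssl_cert_name_pattern($cn),
        'sanDnsNames' => $san['dns'],
        'sanIpAddresses' => $san['ip'],
        'validFrom' => date($dateFormat, $cert_data['validFrom_time_t']),
        'validUntil' => date($dateFormat, $cert_data['validTo_time_t']),
        'data' => $cert_data,
    );
}

/**
 * Split the subjectAltName string produced by openssl_x509_parse()
 * (e.g. "DNS:a.example.com, DNS:*.example.com, IP Address:192.0.2.1") into
 * its DNS names and IP addresses; other entry types are ignored.
 *
 * @param string $san
 * @return array{dns: list<string>, ip: list<string>}
 */
function _fetch_ssl_cert_parse_san($san)
{
    $out = array('dns' => array(), 'ip' => array());
    foreach (explode(',', $san) as $entry) {
        $entry = trim($entry);
        if (strncasecmp($entry, 'DNS:', 4) === 0) {
            $out['dns'][] = trim(substr($entry, 4));
        } elseif (strncasecmp($entry, 'IP Address:', 11) === 0) {
            $out['ip'][] = trim(substr($entry, 11));
        }
    }
    return $out;
}

/**
 * Build a case-insensitive regex for one certificate DNS name in which a "*"
 * label matches exactly one host label; everything else is literal.
 *
 * @param string $name
 * @return string PCRE pattern including delimiters
 */
function _fetch_ssl_cert_name_pattern($name)
{
    // preg_quote() escapes "*" as "\*"; swap that escaped form for the
    // single-label matcher so the rest of the name stays literal.
    $quoted = str_replace('\\*', '[^.]+', preg_quote(rtrim($name, '.'), '/'));
    return '/^' . $quoted . '$/i';
}

/**
 * Decide whether $host is covered by the certificate's names: an IP literal
 * must equal one of the "IP Address" SAN entries; a hostname is matched
 * against the DNS SAN entries when present, otherwise against the CN.
 *
 * @param string $host
 * @param string|null $cn
 * @param list<string> $sanDns
 * @param list<string> $sanIp
 * @return bool
 */
function _fetch_ssl_cert_host_matches($host, $cn, array $sanDns, array $sanIp)
{
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        // Compare packed forms so differently written IPv6 literals still match.
        $packed = inet_pton($host);
        if ($packed === false) {
            return false;
        }
        foreach ($sanIp as $ip) {
            if (filter_var($ip, FILTER_VALIDATE_IP) !== false && inet_pton($ip) === $packed) {
                return true;
            }
        }
        return false;
    }
    // A certificate carrying DNS SANs is judged on those alone; the CN is a
    // fallback for certificates without them.
    if ($sanDns !== array()) {
        $candidates = $sanDns;
    } elseif ($cn !== null) {
        $candidates = array($cn);
    } else {
        $candidates = array();
    }
    $host = rtrim($host, '.');
    foreach ($candidates as $name) {
        if (preg_match(_fetch_ssl_cert_name_pattern($name), $host) === 1) {
            return true;
        }
    }
    return false;
}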