Getting certificate from smtp in php

Question

Getting certificate from smtp in php

I have a php function that can get a certificate from https connections, can I extend it so that it can also be used on smtp-starttls?

Is it possible to open it as "tcp: //" and after sending the "STARTTLS" command switch it to "ssl: //"?

function ssl_fetch_cert($domain, $port = 443)
{
    $url = "ssl://{$domain}:{$port}";
    $connection_context_option['ssl']['capture_peer_cert'] = TRUE;
    $connection_context = stream_context_create($connection_context_option);
    $connection_client = stream_socket_client($url, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $connection_context);
    $connection_info = stream_context_get_params($connection_client);
    // $sha256 = openssl_x509_fingerprint($connection_info['options']['ssl']['peer_certificate'], 'sha256');
    return $connection_info['options']['ssl']['peer_certificate'];
}

+4

php ssl starttls

Puggan se Nov 14 '15 at 9:36

source share

1 answer

Puggan se · Answer 1 · 2015-11-15T13:32:57+0000

It is useful to use the stream_socket_enable_crypto () function.

$url = "tcp://{$domain}:{$port}";
$connection_client = stream_socket_client($url, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $connection_context);
// timeout fread after 2s
stream_set_timeout($connection_client, 2);
// let the server introduce it self before sending command
fread($connection_client, 10240);
// send STARTTLS command
fwrite($connection_client, "STARTTLS\n");
// wait for server to say its ready, before switching
fread($connection_client, 10240);
// Switching to SSL/TLS
stream_socket_enable_crypto($connection_client, TRUE, STREAM_CRYPTO_METHOD_SSLv23_CLIENT);

https://github.com/puggan/tlsa_validation_php/blob/master/functions.php#L111

Getting certificate from smtp in php

More articles: