php操作ssl,亲测可用

php 复制代码

<?php
/**
 * SSL/TLS 证书检测工具 (PHP版)
 * 功能：获取证书信息、TLS版本、加密套件、证书验证、HTTPS请求
 */

// ========== 获取网站证书信息 ==========
function get_certificate_info(string $hostname, int $port = 443): array {
    // 创建SSL上下文
    $context = stream_context_create([
        'ssl' => [
            'verify_peer' => true,
            'verify_peer_name' => true,
            'capture_peer_cert' => true
        ]
    ]);

    // 建立SSL连接
    $socket = @stream_socket_client(
        "ssl://$hostname:$port",
        $errno,
        $errstr,
        10,
        STREAM_CLIENT_CONNECT,
        $context
    );

    if (!$socket) {
        return ['error' => "连接失败: $errstr ($errno)"];
    }

    // 获取证书参数
    $params = stream_context_get_params($context);
    $cert = openssl_x509_parse($params['options']['ssl']['peer_cert']);
    openssl_x509_free($params['options']['ssl']['peer_cert']);
    fclose($socket);

    // 解析证书信息
    $info = [
        'subject' => $cert['subject'] ?? [],
        'issuer' => $cert['issuer'] ?? [],
        'version' => $cert['version'] ?? '',
        'serialNumber' => $cert['serialNumber'] ?? '',
        'notBefore' => date('Y-m-d H:i:s', $cert['validFrom_time_t']),
        'notAfter' => date('Y-m-d H:i:s', $cert['validTo_time_t']),
        'subjectAltName' => $cert['extensions']['subjectAltName'] ?? '',
        'daysUntilExpiry' => 0,
        'isExpiringSoon' => false
    ];

    // 计算剩余天数
    $expireTime = $cert['validTo_time_t'];
    $daysLeft = intval(($expireTime - time()) / 86400);
    $info['daysUntilExpiry'] = $daysLeft;
    $info['isExpiringSoon'] = $daysLeft < 30;

    return $info;
}

// ========== 获取TLS版本 ==========
function get_tls_version(string $hostname, int $port = 443): string {
    $context = stream_context_create(['ssl' => ['verify_peer' => true]]);
    $socket = @stream_socket_client("ssl://$hostname:$port", $_, $__, 10, STREAM_CLIENT_CONNECT, $context);
    if (!$socket) return '连接失败';

    $meta = stream_get_meta_data($socket);
    fclose($socket);
    return $meta['crypto']['protocol'] ?? '未知';
}

// ========== 获取加密套件 ==========
function get_cipher_info(string $hostname, int $port = 443): array {
    $context = stream_context_create(['ssl' => ['verify_peer' => true]]);
    $socket = @stream_socket_client("ssl://$hostname:$port", $_, $__, 10, STREAM_CLIENT_CONNECT, $context);
    if (!$socket) return ['错误' => '连接失败'];

    $meta = stream_get_meta_data($socket);
    fclose($socket);
    return [
        'cipher' => $meta['crypto']['cipher'] ?? '未知',
        'version' => $meta['crypto']['protocol'] ?? '未知',
        'bits' => $meta['crypto']['bits'] ?? '未知'
    ];
}

// ========== 验证证书 ==========
function verify_certificate(string $hostname, int $port = 443): array {
    $result = [
        'hostname' => $hostname,
        'valid' => false,
        'error' => null,
        'details' => []
    ];

    $context = stream_context_create([
        'ssl' => [
            'verify_peer' => true,
            'verify_peer_name' => true,
            'capture_peer_cert' => true
        ]
    ]);

    $socket = @stream_socket_client("ssl://$hostname:$port", $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $context);

    if ($socket) {
        $params = stream_context_get_params($context);
        $cert = openssl_x509_parse($params['options']['ssl']['peer_cert']);
        $result['valid'] = true;
        $result['details'] = [
            'subject' => $cert['subject'] ?? [],
            'issuer' => $cert['issuer'] ?? [],
            'tls_version' => stream_get_meta_data($socket)['crypto']['protocol'] ?? '未知'
        ];
        fclose($socket);
    } else {
        $result['error'] = "证书验证失败: $errstr";
    }

    return $result;
}

// ========== 带证书校验的HTTPS请求 ==========
function https_request_with_cert_check(string $url): array {
    $result = [
        'url' => $url,
        'success' => false,
        'status_code' => null,
        'error' => null,
        'headers' => []
    ];

    $context = stream_context_create([
        'http' => [
            'method' => 'GET',
            'header' => 'User-Agent: PHP-SSL-Test',
            'timeout' => 10
        ],
        'ssl' => [
            'verify_peer' => true,
            'verify_peer_name' => true
        ]
    ]);

    $response = @file_get_contents($url, false, $context);

    if ($response !== false) {
        $result['success'] = true;
        $result['status_code'] = 200;
        $result['headers'] = $http_response_header;
    } else {
        $error = error_get_last();
        $result['error'] = $error['message'] ?? '请求失败';
    }

    return $result;
}

// ========== 使用示例 ==========
$hostname = "www.google.com";

echo "=== 证书信息 ===\n";
$certInfo = get_certificate_info($hostname);
print_r("主题: " . json_encode($certInfo['subject']) . "\n");
print_r("颁发者: " . json_encode($certInfo['issuer']) . "\n");
echo "有效期至: {$certInfo['notAfter']}\n";
echo "剩余天数: {$certInfo['daysUntilExpiry']}\n";

echo "\n=== TLS版本 ===\n";
echo "TLS版本: " . get_tls_version($hostname) . "\n";

echo "\n=== 加密套件 ===\n";
$cipher = get_cipher_info($hostname);
echo "套件名称: {$cipher['cipher']}\n";
echo "协议版本: {$cipher['version']}\n";
echo "密钥位数: {$cipher['bits']}\n";

echo "\n=== 证书验证 ===\n";
$verify = verify_certificate($hostname);
echo "验证结果: " . ($verify['valid'] ? '通过' : '失败') . "\n";
if ($verify['error']) echo "错误: {$verify['error']}\n";
?>

<?php /** * SSL/TLS 证书检测工具 (PHP版) * 功能：获取证书信息、TLS版本、加密套件、证书验证、HTTPS请求 */ // ========== 获取网站证书信息 ========== function get_certificate_info(string $hostname, int$ port = 443): array { // 创建SSL上下文 $context = stream_context_create(\[ 'ssl' =\> \[ 'verify_peer' =\> true, 'verify_peer_name' =\> true, 'capture_peer_cert' =\> true \] \]); // 建立SSL连接$ socket = @stream_socket_client( "ssl:// $hostname:$ port", $errno,$ errstr, 10, STREAM_CLIENT_CONNECT, $context ); if (!$ socket) { return ['error' => "连接失败: $errstr ($ errno)"]; } // 获取证书参数 $params = stream_context_get_params($ context); $cert = openssl_x509_parse($ params['options']['ssl']['peer_cert']); openssl_x509_free( $params\['options'\]\['ssl'\]\['peer_cert'\]); fclose($ socket); // 解析证书信息 $info = \[ 'subject' =\>$ cert['subject'] ?? [], 'issuer' => $cert\['issuer'\] ?? \[\], 'version' =\>$ cert['version'] ?? '', 'serialNumber' => $cert\['serialNumber'\] ?? '', 'notBefore' =\> date('Y-m-d H:i:s',$ cert['validFrom_time_t']), 'notAfter' => date('Y-m-d H:i:s', $cert\['validTo_time_t'\]), 'subjectAltName' =\>$ cert['extensions']['subjectAltName'] ?? '', 'daysUntilExpiry' => 0, 'isExpiringSoon' => false ]; // 计算剩余天数 $expireTime =$ cert['validTo_time_t']; $daysLeft = intval(($ expireTime - time()) / 86400); $info\['daysUntilExpiry'\] =$ daysLeft; $info\['isExpiringSoon'\] =$ daysLeft < 30; return $info; } // ========== 获取TLS版本 ========== function get_tls_version(string$ hostname, int $port = 443): string {$ context = stream_context_create(['ssl' => ['verify_peer' => true]]); $socket = @stream_socket_client("ssl://$ hostname: $port",$ , $__, 10, STREAM_CLIENT_CONNECT,$ context); if (! $socket) return '连接失败';$ meta = stream_get_meta_data( $socket); fclose($ socket); return $meta\['crypto'\]\['protocol'\] ?? '未知'; } // ========== 获取加密套件 ========== function get_cipher_info(string$ hostname, int $port = 443): array {$ context = stream_context_create(['ssl' => ['verify_peer' => true]]); $socket = @stream_socket_client("ssl://$ hostname: $port",$ , $__, 10, STREAM_CLIENT_CONNECT,$ context); if (! $socket) return \['错误' =\> '连接失败'\];$ meta = stream_get_meta_data( $socket); fclose($ socket); return [ 'cipher' => $meta\['crypto'\]\['cipher'\] ?? '未知', 'version' =\>$ meta['crypto']['protocol'] ?? '未知', 'bits' => $meta\['crypto'\]\['bits'\] ?? '未知' \]; } // ========== 验证证书 ========== function verify_certificate(string$ hostname, int $port = 443): array {$ result = [ 'hostname' => $hostname, 'valid' =\> false, 'error' =\> null, 'details' =\> \[\] \];$ context = stream_context_create([ 'ssl' => [ 'verify_peer' => true, 'verify_peer_name' => true, 'capture_peer_cert' => true ] ]); $socket = @stream_socket_client("ssl://$ hostname: $port",$ errno, $errstr, 10, STREAM_CLIENT_CONNECT,$ context); if ( $socket) {$ params = stream_context_get_params( $context);$ cert = openssl_x509_parse( $params\['options'\]\['ssl'\]\['peer_cert'\]);$ result['valid'] = true; $result\['details'\] = \[ 'subject' =\>$ cert['subject'] ?? [], 'issuer' => $cert\['issuer'\] ?? \[\], 'tls_version' =\> stream_get_meta_data($ socket)['crypto']['protocol'] ?? '未知' ]; fclose( $socket); } else {$ result['error'] = "证书验证失败: $errstr"; } return$ result; } // ========== 带证书校验的HTTPS请求 ========== function https_request_with_cert_check(string $url): array {$ result = [ 'url' => $url, 'success' =\> false, 'status_code' =\> null, 'error' =\> null, 'headers' =\> \[\] \];$ context = stream_context_create([ 'http' => [ 'method' => 'GET', 'header' => 'User-Agent: PHP-SSL-Test', 'timeout' => 10 ], 'ssl' => [ 'verify_peer' => true, 'verify_peer_name' => true ] ]); $response = @file_get_contents($ url, false, $context); if ($ response !== false) { $result\['success'\] = true;$ result['status_code'] = 200; $result\['headers'\] =$ http_response_header; } else { $error = error_get_last();$ result['error'] = $error\['message'\] ?? '请求失败'; } return$ result; } // ========== 使用示例 ========== $hostname = "www.google.com"; echo "=== 证书信息 ===\\n";$ certInfo = get_certificate_info( $hostname); print_r("主题: " . json_encode($ certInfo['subject']) . "\n"); print_r("颁发者: " . json_encode( $certInfo\['issuer'\]) . "\\n"); echo "有效期至: {$ certInfo['notAfter']}\n"; echo "剩余天数: { $certInfo\['daysUntilExpiry'\]}\\n"; echo "\\n=== TLS版本 ===\\n"; echo "TLS版本: " . get_tls_version($ hostname) . "\n"; echo "\n=== 加密套件 ===\n"; $cipher = get_cipher_info($ hostname); echo "套件名称: { $cipher\['cipher'\]}\\n"; echo "协议版本: {$ cipher['version']}\n"; echo "密钥位数: { $cipher\['bits'\]}\\n"; echo "\\n=== 证书验证 ===\\n";$ verify = verify_certificate( $hostname); echo "验证结果: " . ($ verify['valid'] ? '通过' : '失败') . "\n"; if ( $verify\['error'\]) echo "错误: {$ verify['error']}\n"; ?>