SSL Context Options for OpenSSL

This section describes how 'SSL context options' defined for ssl:// and tls:// transports can be used to control behaviors of the OpenSSL module.

In previous tutorials, I learned how to turn on the OpenSSL module and retrieve HTTPS page with a single function call: file_get_contents($url).

Now I want to know to how to control the behavior of the OpenSSL module. Particularly, I want to know if the OpenSSL module is performing server certificate verification or not.

After reading many PHP manual pages, I found that controlling OpenSSL's behavior is done by "SSL context options", which is defined for ssl:// and tls:// transports.

As of PHP 5.3.4, major SSL context options are:

Since the default setting for "verify_peer" is FALSE, now I know that the OpenSSL module does not verify HTTPS server certificates by default.

Last update: 2011.

Table of Contents

 About This Book

 Introduction of PKI (Public Key Infrastructure)

 Introduction of HTTPS (Hypertext Transfer Protocol Secure)

 Using HTTPS with IE (Internet Explorer) 10

 Using HTTPS with Chrome 40

 Using HTTPS with Firefox 35

 Perl Scripts Communicating with HTTPS Servers

PHP Scripts Communicating with HTTPS Servers

 Configuring PHP OpenSSL on Windows

 Testing OpenSSL with file_get_contents()

 OpenSSL Configuration Errors

SSL Context Options for OpenSSL

 Asking OpenSSL to Verify Server's Certificate

 OpenSSL Failing to Verify Server's Certificate

 Multiple CA Certificates in a Single File

 Testing OpenSSL with fopen()

 Java Programs Communicating with HTTPS Servers

 Certificate Stores and Certificate Console

 .NET Programs Communicating with HTTPS Servers

 CAcert.org - Root CA Offering Free Certificates

 PKI CA Administration - Issuing Certificates

 Digital Signature - Microsoft Word 2007

 Digital Signature - OpenOffice.org 3

 S/MIME and Email Security

 PKI (Public Key Infrastructure) Terminology

 Outdated Tutorials

 References

 PDF Printing Version