wez Mon Apr 2 16:15:03 2001 EDT Modified files: /phpdoc/en/functions openssl.xml Log: Added docs for new S/MIME functions plus more flexible keys/certs parameters.
Index: phpdoc/en/functions/openssl.xml diff -u phpdoc/en/functions/openssl.xml:1.3 phpdoc/en/functions/openssl.xml:1.4 --- phpdoc/en/functions/openssl.xml:1.3 Thu Mar 29 07:16:44 2001 +++ phpdoc/en/functions/openssl.xml Mon Apr 2 16:15:03 2001 @@ -2,6 +2,8 @@ <title>OpenSSL functions</title> <titleabbrev>OpenSSL</titleabbrev> <partintro> + <sect1 id="openssl.intro"> + <title>Introduction</title> <para> This module uses the functions of <ulink url="&url.openssl;">OpenSSL</ulink> for generation and verification @@ -10,11 +12,205 @@ with also work with OpenSSL >= 0.9.5. </para> <para> + New for dev/CVS versions of PHP is support for S/MIME email + signing/verification and encryption/decryption. Also, it is now possible + to specify keys/certs in a vareity of ways that should help make your PHP + code easier to write. + These features will most likely make it into PHP 4.0.6. + <emphasis>Please keep in mind that this extension is still considered + experimental!</emphasis> + </para> + <para> OpenSSL offers many features that this module currently doesn't support. Some of these may be added in the future. </para> + </sect1> + <sect1 id="openssl.certparams"> + <title>Key/Certficate parameters</title> + <para> + Quite a few of the openssl functions require a key or a certificate + parameter. PHP 4.0.5 and earlier have to use a key or certificate resource + returned by one of the openssl_get_xxx functions. Later versions may use + one of the following methods: + <itemizedlist> + <listitem> + <para> + Certificates + <orderedlist> + <listitem><simpara>An X.509 resource returned from + openssl_x509_read</simpara></listitem> + <listitem><simpara>A string having the format + <filename>file://path/to/cert.pem</filename>; the named file must + contain a PEM encoded certificate</simpara></listitem> + <listitem><simpara>A string containing the content of a certificate, + PEM encoded</simpara></listitem> + </orderedlist> + </para> + </listitem> + <listitem> + <para> + Public/Private Keys + <orderedlist> + <listitem><simpara>A key resource returned from + <function>openssl_get_publickey</function> or + <function>openssl_get_privatekey</function></simpara></listitem> + <listitem><simpara>For public keys only: an X.509 + resource</simpara></listitem> + <listitem><simpara>A string having the format + <filename>file://path/to/file.pem</filename> - the named file must + contain a PEM encoded certificate/private key (it may contain + both)</simpara></listitem> + <listitem><simpara>A string containing the content of a + certificate/key, PEM encoded</simpara></listitem> + <listitem><simpara>For private keys, you may also use the syntax + <emphasis>array($key, $passphrase)</emphasis> where $key represents a + key specified using the file:// or textual content notation above, and + $passphrase represents a string containing the passphrase for that + private key</simpara></listitem> + </orderedlist> + </para> + </listitem> + </itemizedlist> + </para> + </sect1> + <sect1 id="openssl.cert.verification"> + <title>Certificate Verification</title> + <para> + When calling a function that will verify a signature/certificate, the + <emphasis>cainfo</emphasis> parameter is an array containing file and + directory names the specify the locations of trusted CA files. If a + directory is specified, then it must be a correctly formed hashed directory + as the <command>openssl</command> command would use. + </para> + </sect1> + <sect1 id="openssl.pkcs7.flags"> + <title>PKCS7 Flags/Constants</title> + <para> + The S/MIME functions make use of flags which are specified using a + bitfield which can include one or more of the following values: + + <table> + <title>PKCS7 CONSTANTS</title> + <tgroup cols="2"> + <thead> + <row> + <entry>Constant</entry> + <entry>Description</entry> + </row> + </thead> + <tbody> + <row> + <entry>PKCS7_TEXT</entry> + <entry>adds text/plain content type headers to encrypted/signed + message. If decrypting or verifying, it strips those headers from + the output - if the decrypted or verified message is not of MIME type + text/plain then an error will occur.</entry> + </row> + <row> + <entry>PKCS7_BINARY</entry> + <entry>normally the input message is converted to "canonical" format + which is effectlively using CR and LF as end of line: as required by + the S/MIME specification. When this options is present, no + translation occurs. This is useful when handling binary data which + may not be in MIME format.</entry> + </row> + <row> + <entry>PKCS7_NOINTERN</entry> + <entry>when verifying a message, certificates (if + any) included in the message are normally searched for the + signing certificate. With this option only the + certificates specified in the <parameter>extracerts</parameter> + parameter of <function>openssl_pkcs7_verify</function> are + used. The supplied certificates can still be used as + untrusted CAs however. + </entry> + </row> + <row> + <entry>PKCS7_NOVERIFY</entry> + <entry>do not verify the signers certificate of a signed + message.</entry> + </row> + <row> + <entry>PKCS7_NOCHAIN</entry> + <entry>do not chain verification of signers certificates: that is + don't use the certificates in the signed message as untrusted CAs. + </entry> + </row> + <row> + <entry>PKCS7_NOCERTS</entry> + <entry>when signing a message the signer's certificate is normally + included - with this option it is excluded. This will reduce the + size of the signed message but the verifier must have a copy of the + signers certificate available locally (passed using the + <parameter>extracerts</parameter> to + <function>openssl_pkcs7_verify</function> for example. + </entry> + </row> + <row> + <entry>PKCS7_NOATTR</entry> + <entry>normally when a message is signed, a set of attributes are + included which include the signing time and the supported symmetric + algorithms. With this option they are not included. + </entry> + </row> + <row> + <entry>PKCS7_DETACHED</entry> + <entry>When signing a message, use cleartext signing with the MIME + type multipart/signed. This is the default if the + <parameter>flags</parameter> parameter to + <function>openssl_pkcs7_sign</function> if you do not specify any + flags. If you turn this option off, the message will be signed using + opaque signing, which is more resistant to translation by mail relays + but cannot be read by mail agents that do not support S/MIME.</entry> + </row> + <row> + <entry>PKCS7_NOSIGS</entry> + <entry>Don't try and verify the signatures on a message</entry> + </row> + </tbody> + </tgroup> + </table> + </para> + </sect1> </partintro> + <refentry id="function.openssl-error-string"> + <refnamediv> + <refname>openssl_error_string</refname> + <refpurpose>Return openSSL error message</refpurpose> + </refnamediv> + <refsect1> + <title>Description</title> + <funcsynopsis> + <funcprototype> + <funcdef>mixed <function>openssl_error_string</function></funcdef> + <paramdef>void<parameter></parameter></paramdef> + </funcprototype> + </funcsynopsis> + <para> + Returns an error message string, or false if there are no more error + messages to return. + </para> + <para> + <function>openssl_error_string</function> returns the last error from the + openSSL library. Error messages are stacked, so this function should be + called multiple times to collect all of the information. + </para> + <para><emphasis>The parameters/return type of this function may change before + it appears in a release version of PHP</emphasis></para> + <para> + <example> + <title><function>openssl_error_string</function> example</title> + <programlisting role="php"> +// lets assume you just called an openssl function that failed +while($msg = openssl_error_string) + echo $msg . "<br>"; + </programlisting> + </example> + </para> + </refsect1> + </refentry> + <refentry id="function.openssl-free-key"> <refnamediv> <refname>openssl_free_key</refname> @@ -25,7 +221,7 @@ <funcsynopsis> <funcprototype> <funcdef>void <function>openssl_free_key</function></funcdef> - <paramdef>int <parameter>key_identifier</parameter></paramdef> + <paramdef>resource <parameter>key_identifier</parameter></paramdef> </funcprototype> </funcsynopsis> <para> @@ -44,13 +240,13 @@ <title>Description</title> <funcsynopsis> <funcprototype> - <funcdef>int <function>openssl_get_privatekey</function></funcdef> - <paramdef>string <parameter>key</parameter></paramdef> + <funcdef>resource <function>openssl_get_privatekey</function></funcdef> + <paramdef>mixed <parameter>key</parameter></paramdef> <paramdef>string <parameter><optional>passphrase</optional></parameter></paramdef> </funcprototype> </funcsynopsis> <para> - Returns a positive key identifier on success, or false on error. + Returns a positive key resource identifier on success, or false on error. </para> <para> <function>openssl_get_privatekey</function> parses the PEM @@ -71,12 +267,12 @@ <title>Description</title> <funcsynopsis> <funcprototype> - <funcdef>int <function>openssl_get_publickey</function></funcdef> - <paramdef>string <parameter>certificate</parameter></paramdef> + <funcdef>resource <function>openssl_get_publickey</function></funcdef> + <paramdef>mixed <parameter>certificate</parameter></paramdef> </funcprototype> </funcsynopsis> <para> - Returns a positive key identifier on success, or false on error. + Returns a positive key resource identifier on success, or false on error. </para> <para> <function>openssl_get_publickey</function> extracts the @@ -100,7 +296,7 @@ <paramdef>string <parameter>sealed_data</parameter></paramdef> <paramdef>string <parameter>open_data</parameter></paramdef> <paramdef>string <parameter>env_key</parameter></paramdef> - <paramdef>int <parameter>priv_key_id</parameter></paramdef> + <paramdef>mixed <parameter>priv_key_id</parameter></paramdef> </funcprototype> </funcsynopsis> <para> @@ -109,9 +305,11 @@ </para> <para> <function>openssl_open</function> opens (decrypts) - <parameter>sealed_data</parameter> using the private key associtated with + <parameter>sealed_data</parameter> using the private key associated with the key identifier <parameter>priv_key_id</parameter> and the envelope key - <parameter>env_key</parameter>. The envelope key is generated when the + <parameter>env_key</parameter>, and fills + <parameter>open_data</parameter> with the decrypted data. + The envelope key is generated when the data are sealed and can only be used by one specific private key. See <function>openssl_seal</function> for more information. </para> @@ -224,7 +422,7 @@ <funcdef>bool <function>openssl_sign</function></funcdef> <paramdef>string <parameter>data</parameter></paramdef> <paramdef>string <parameter>signature</parameter></paramdef> - <paramdef>int <parameter>priv_key_id</parameter></paramdef> + <paramdef>mixed <parameter>priv_key_id</parameter></paramdef> </funcprototype> </funcsynopsis> <para> @@ -277,7 +475,7 @@ <funcdef>int <function>openssl_verify</function></funcdef> <paramdef>string <parameter>data</parameter></paramdef> <paramdef>string <parameter>signature</parameter></paramdef> - <paramdef>int <parameter>pub_key_id</parameter></paramdef> + <paramdef>mixed <parameter>pub_key_id</parameter></paramdef> </funcprototype> </funcsynopsis> <para> @@ -291,6 +489,7 @@ <parameter>pub_key_id</parameter>. This must be the public key corresponding to the private key used for signing. </para> + <para> <example> <title><function>openssl_verify</function> example</title> @@ -322,8 +521,420 @@ </simpara> </refsect1> </refentry> - </reference> + <refentry id="function.openssl-pkcs7-decrypt"> + <refnamediv> + <refname>openssl_pkcs7_decrypt</refname> + <refpurpose>Decrypts an S/MIME encrypted message</refpurpose> + </refnamediv> + <refsect1> + <title>Description</title> + <funcsynopsis> + <funcprototype> + <funcdef>bool <function>openssl_pkcs7_decrypt</function></funcdef> + <paramdef>string <parameter>infilename</parameter></paramdef> + <paramdef>string <parameter>outfilename</parameter></paramdef> + <paramdef>mixed <parameter>recipcert</parameter></paramdef> + <paramdef>mixed <parameter>recipkey</parameter></paramdef> + </funcprototype> + </funcsynopsis> + <para> + Decrypts the S/MIME encrypted message contained in the file specified by + <parameter>infilename</parameter> using the certificate and it's + associated private key specified by <parameter>recipcert</parameter> and + <parameter>recipkey</parameter>. + </para> + <para>The decrypted message is output to the + file specified by <parameter>outfilename</parameter> + </para> + <para><emphasis>The parameters/return type of this function may change before + it appears in a release version of PHP</emphasis></para> + + <para> + <example> + <title><function>openssl_pkcs7_decrypt</function> example</title> + <programlisting role="php"> +// $cert and $key are assumed to contain your personal certificate and private +// key pair, and that you are the recipient of an S/MIME message +$infilename = "encrypted.msg"; // this file holds your encrypted message +$outfilename = "decrypted.msg"; // make sure you can write to this file + +if (openssl_pkcs7_decrypt($infilename, $outfilename, $cert, $key)) + echo "decrypted!"; +else + echo "failed to decrypt!"; + + </programlisting> + </example> + </para> + </refsect1> + </refentry> + + <refentry id="function.openssl-pkcs7-encrypt"> + <refnamediv> + <refname>openssl_pkcs7_encrypt</refname> + <refpurpose>Encrypt an S/MIME message</refpurpose> + </refnamediv> + <refsect1> + <title>Description</title> + <funcsynopsis> + <funcprototype> + <funcdef>bool <function>openssl_pkcs7_encrypt</function></funcdef> + <paramdef>string <parameter>infilename</parameter></paramdef> + <paramdef>string <parameter>outfilename</parameter></paramdef> + <paramdef>mixed <parameter>recipcerts</parameter></paramdef> + <paramdef>array <parameter>headers</parameter></paramdef> + <paramdef>long <parameter><optional>flags</optional></parameter></paramdef> + </funcprototype> + </funcsynopsis> + <para> + <function>openssl_pkcs7_encrypt</function> takes the contents of the + file named <parameter>infilename</parameter> and encrypts them using an RC2 + 40-bit cipher so that they can only be read by the intended recipients + specified by <parameter>recipcerts</parameter>, which is either a + lone X.509 certificate, or an array of X.509 certificates. + <parameter>headers</parameter> is an array of headers that + will be prepended to the data after it has been encrypted. + <parameter>flags</parameter> can be used to specify options that affect + the encoding process - see <link linkend="openssl.pkcs7.flags">PKCS7 + constants</link>. + <parameter>headers</parameter> can be either an associative array + keyed by header name, or an indexed array, where each element contains + a single header line. + </para> + <para><emphasis>The parameters/return type of this function may change before + it appears in a release version of PHP</emphasis></para> + + <para> + <example> + <title><function>openssl_pkcs7_encrypt</function> example</title> + <programlisting role="php"> +// the message you want to encrypt and send to your secret agent +// in the field, known as nighthawk. You have his certificate +// in the file nighthawk.pem +$data = <<<EOD +Nighthawk, + +Top secret, for your eyes only! + +The enemy is closing in! Meet me at the cafe at 8.30am +to collect your forged passport! + +HQ +EOD; +// save message to file +$fp = fopen("msg.txt", "w"); +fwrite($fp, $data); +fclose($fp); +// encrypt it +if (openssl_pkcs7_encrypt("msg.txt", "enc.txt", "nighthawk.pem", + array("To" => "[EMAIL PROTECTED]", // keyed syntax + "From: HQ <[EMAIL PROTECTED]>", // indexed syntax + "Subject" => "Eyes only"))) +{ + // message encrypted - send it! + exec(ini_get("sendmail_path") . " < enc.txt"); +} + </programlisting> + </example> + </para> + </refsect1> + </refentry> + + <refentry id="function.openssl-pkcs7-sign"> + <refnamediv> + <refname>openssl_pkcs7_sign</refname> + <refpurpose>sign an S/MIME message</refpurpose> + </refnamediv> + <refsect1> + <title>Description</title> + <funcsynopsis> + <funcprototype> + <funcdef>bool <function>openssl_pkcs7_sign</function></funcdef> + <paramdef>string <parameter>infilename</parameter></paramdef> + <paramdef>string <parameter>outfilename</parameter></paramdef> + <paramdef>mixed <parameter>signcert</parameter></paramdef> + <paramdef>mixed <parameter>privkey</parameter></paramdef> + <paramdef>array <parameter>headers</parameter></paramdef> + <paramdef>long + <parameter><optional>flags</optional></parameter></paramdef> + <paramdef>string + <parameter><optional>extracertsfilename</optional></parameter></paramdef> + </funcprototype> + </funcsynopsis> + <para> + <function>openssl_pkcs7_sign</function> takes the contents of the file + named <parameter>infilename</parameter> and signs them using the + certificate and it's matching private key specified by + <parameter>signcert</parameter> and <parameter>privkey</parameter> + parameters. + </para> + <para><parameter>headers</parameter> is an array of headers that + will be prepended to the data after it has been signed (see + <function>openssl_pkcs7_encrypt</function> for more information about + the format of this parameter. + </para> + <para> + <parameter>flags</parameter> can be used to alter the output - see <link + linkend="openssl.pkcs7.flags">PKCS7 constants</link> - if not specified, + it defaults to PKCS7_DETACHED. + </para> + <para> + <parameter>extracerts</parameter> specifies the name of a file containing + a bunch of extra certificates to include in the signature which can for + example be used to help the recipient to verify the certificate that you used. + </para> + <para><emphasis>The parameters/return type of this function may change before + it appears in a release version of PHP</emphasis></para> + + <para> + <example> + <title><function>openssl_pkcs7_sign</function> example</title> + <programlisting role="php"> +// the message you want to sign so that recipient can be sure it was you that +// sent it +$data = <<<EOD + +You have my authorization to spend $10,000 on dinner expenses. + +The CEO +HQ +EOD; +// save message to file +$fp = fopen("msg.txt", "w"); +fwrite($fp, $data); +fclose($fp); +// encrypt it +if (openssl_pkcs7_sign("msg.txt", "signed.txt", "mycert.pem", + array("mycert.pem", "mypassphrase"), + array("To" => "[EMAIL PROTECTED]", // keyed syntax + "From: HQ <[EMAIL PROTECTED]>", // indexed syntax + "Subject" => "Eyes only")) +{ + // message signed - send it! + exec(ini_get("sendmail_path") . " < signed.txt"); +} + </programlisting> + </example> + </para> + + </refsect1> + </refentry> + + <refentry id="function.openssl-pkcs7-verify"> + <refnamediv> + <refname>openssl_pkcs7_verify</refname> + <refpurpose>Verifies the signature of an S/MIME signed message</refpurpose> + </refnamediv> + <refsect1> + <title>Description</title> + <funcsynopsis> + <funcprototype> + <funcdef>bool <function>openssl_pkcs7_verify</function></funcdef> + <paramdef>string <parameter>filename</parameter></paramdef> + <paramdef>int <parameter>flags</parameter></paramdef> + <paramdef>string +<parameter><optional>outfilename</optional></parameter></paramdef> + <paramdef>array <parameter><optional>cainfo</optional></parameter></paramdef> + <paramdef>string +<parameter><optional>extracerts</optional></parameter></paramdef> + </funcprototype> + </funcsynopsis> + <para> + <function>openssl_pkcs7_verify</function> reads the S/MIME message + contained in the filename specified by <parameter>filename</parameter> and + examines the digital signature. It returns true if the signature is + verified, false if it is not correct (the message has been tampered with, + or the signing certificate is invalid), or -1 on error. + </para> + <para> + <parameter>flags</parameter> can be used to affect how the signature is + verified - see <link linkend="openssl.pkcs7.flags">PKCS7 constants</link> + for more information. + </para> + <para> + If the <parameter>outfilename</parameter> is specified, it should be a + string holding the name of a file into which the certificates of the + persons that signed the messages will be stored in PEM format. + </para> + <para> + If the <parameter>cainfo</parameter> is specified, it should hold + information about the trusted CA certificates to use in the verification + process - see <link linkend="openssl.cert.verification">certificate + verification</link> for more information about this parameter. + </para> + <para> + If the <parameter>extracerts</parameter> is specified, it is the filename + of a file containing a bunch of certificates to use as untrusted CAs. + </para> + <para><emphasis>The parameters/return type of this function may change before + it appears in a release version of PHP</emphasis></para> + + </refsect1> + </refentry> + + <refentry id="function.openssl-x509-checkpurpose"> + <refnamediv> + <refname>openssl_x509_checkpurpose</refname> + <refpurpose>Verifies if a certificate can be used for a particular + purpose</refpurpose> + </refnamediv> + <refsect1> + <title>Description</title> + <funcsynopsis> + <funcprototype> + <funcdef>bool <function>openssl_x509_checkpurpose</function></funcdef> + <paramdef>mixed <parameter>x509cert</parameter></paramdef> + <paramdef>int <parameter>purpose</parameter></paramdef> + <paramdef>array <parameter>cainfo</parameter></paramdef> + <paramdef>string + <parameter><optional>untrustedfile</optional></parameter></paramdef> + </funcprototype> + </funcsynopsis> + <para> + Returns true if the certificate can be used for the intended purpose, + false if it cannot, or -1 on error. + </para> + <para> + <function>openssl_x509_checkpurpose</function> examines the certificate + specified by <parameter>x509cert</parameter> to see if it can be used for + the purpose specified by <parameter>purpose</parameter>. + </para> + <para> + <parameter>cainfo</parameter> should be an array of trusted CA files/dirs + as described in <link linkend="openssl.cert.verification">Certificate + Verification</link>. + </para> + <para><parameter>untrustedfile</parameter>, if specified, + is the name of a PEM encoded file holding certificates that can be used to + help verify the certificate, although no trust in placed in the + certificates that come from that file. + </para> + <para><emphasis>The parameters/return type of this function may change before + it appears in a release version of PHP</emphasis></para> + <para> + <table> + <title><function>openssl_x509_checkpurpose</function> purposes</title> + <tgroup cols="2"> + <thead> + <row> + <entry>Constant</entry> + <entry>Description</entry> + </row> + </thead> + <tbody> + <row> + <entry>X509_PURPOSE_SSL_CLIENT</entry> + <entry>Can the certificate be used for the client side of an SSL + connection?</entry> + </row> + <row> + <entry>X509_PURPOSE_SSL_SERVER</entry> + <entry>Can the certificate be used for the server side of an SSL + connection?</entry> + </row> + <row> + <entry>X509_PURPOSE_NS_SSL_SERVER</entry> + <entry>Can the cert be used for Netscape SSL server?</entry> + </row> + <row> + <entry>X509_PURPOSE_SMIME_SIGN</entry> + <entry>Can the cert be used to sign S/MIME email?</entry> + </row> + <row> + <entry>X509_PURPOSE_SMIME_ENCRYPT</entry> + <entry>Can the cert be used to encrypt S/MIME email?</entry> + </row> + <row> + <entry>X509_PURPOSE_CRL_SIGN</entry> + <entry>Can the cert be used to sign a certificate revocation list + (CRL)?</entry> + </row> + <row> + <entry>X509_PURPOSE_ANY</entry> + <entry>Can the cert be used for Any/All purposes?</entry> + </row> + </tbody> + </tgroup> + </table> + These options are not bitfields - you may specify one only! + </para> + </refsect1> + </refentry> + + <refentry id="function.openssl-x509-free"> + <refnamediv> + <refname>openssl_x509_free</refname> + <refpurpose>Free certificate resource</refpurpose> + </refnamediv> + <refsect1> + <title>Description</title> + <funcsynopsis> + <funcprototype> + <funcdef>void <function>openssl_x509_free</function></funcdef> + <paramdef>resource <parameter>x509cert</parameter></paramdef> + </funcprototype> + </funcsynopsis> + <para> + <function>openssl_x509_free</function> frees the certificate associated + with the specified <parameter>x509cert</parameter> resource from memory. + </para> + </refsect1> + </refentry> + + <refentry id="function.openssl-x509-parse"> + <refnamediv> + <refname>openssl_x509_parse</refname> + <refpurpose>Parse an X509 certificate and return the information as an + array</refpurpose> + </refnamediv> + <refsect1> + <title>Description</title> + <funcsynopsis> + <funcprototype> + <funcdef>array <function>openssl_x509_parse</function></funcdef> + <paramdef>mixed <parameter>x509cert</parameter></paramdef> + <paramdef>bool + <parameter><optional>shortnames</optional></parameter></paramdef> + </funcprototype> + </funcsynopsis> + <para> + <function>openssl_x509_parse</function> returns information about the + supplied <parameter>x509cert</parameter>, including fields such as subject + name, issuer name, purposes, valid from and valid to dates etc. + <parameter>shortnames</parameter> controls how the data is indexed in the + array - if <parameter>shortnames</parameter> is true (the default) then + fields will be indexed with the short name form, otherwise, the long name + form will be used - e.g.: CN is the shortname form of commonName. + </para> + <para><emphasis>The structure of the returned data is (deliberately) not + yet documented, as it is still subject to change.</emphasis></para> + </refsect1> + </refentry> + + <refentry id="function.openssl-x509-read"> + <refnamediv> + <refname>openssl_x509_read</refname> + <refpurpose>Parse an X.509 certificate and return a resource identifier for + it</refpurpose> + </refnamediv> + <refsect1> + <title>Description</title> + <funcsynopsis> + <funcprototype> + <funcdef>resource <function>openssl_x509_read</function></funcdef> + <paramdef>mixed <parameter>x509certdata</parameter></paramdef> + </funcprototype> + </funcsynopsis> + <para> + <function>openssl_x509_read</function> parses the certificate supplied by + <parameter>x509certdata</parameter> and returns a resource identifier for + it. + </para> + </refsect1> + </refentry> + + + +</reference> <!-- Keep this comment at the end of the file Local variables: mode: sgml @@ -339,4 +950,7 @@ sgml-local-catalogs:nil sgml-local-ecat-files:nil End: +--> +<!-- Keep this comment for vi/vim/gvim +vi: et:ts=1:sw=1:textwidth=78 -->