php - Validate if current ssl is server's ssl -
i've been looking around way check if user has connected website using right (my server's) ssl certificate in php. guess question similar one, except i'm not implying mitm.
i've looked around didn't find way info cert used in current connection , compare servers cert. prevent users connecting other certs.
how 1 go doing this?
short answer
you don't.
longer answerthis possible client certificates. webserver identifies client, not php. php never sees , no environment variables sent/passed php aside https=on. don't verify yourself evaluate true. question linked has answer, , man in middle doesn't mean much. asking solution , ssl man in middle attacks definitive php script.
there no such thing beingness able connect host ssl certificate, unless diginotar-esque happens certificate authority.
if want assurance meant connect site, check host client connected to. if nail ip, , requested certificate it, , verified ca, go on connection, , connect $_server["server_name"] , $_server["https"] == "on"
but, honestly, why worried wrong ssl certificate? flagged user's pc. i'd more worried session decrypting.
php authentication ssl certificate
No comments:
Post a Comment