thomas-shirley.com

Probing SSL cert validity with PHP

Sometimes you just need to check whether a remote website has a correctly configured SSL certificate before you make a request to it.

Today is one of those days. It might surprise you to learn that one of the neatest ways to check an SSL connection is to try to open a socket to the host using fsockopen(). This is done by opening the domain with an ssl:// prefix, rather than the https:// you might be used to.

First we'll create a function that accepts one argument (a URL). Then we parse this URL to extract just the host. The handy parse_url() function returns an associative array of the constituent components of the supplied URL. We want just the host, which we'll assign to the variable $tld:

private function verifyURL($domain) : array
{
    $tld = parse_url($domain)['host'];
}

Next, we'll open a socket connection to the host. Notice we're prepending ssl:// as the connection type to the $tld variable, which holds just the host name.

fsockopen('ssl://' . $tld, 443, $errno, $errstr, 5);

When calling the fsockopen() function, we need to pass in some arguments. 443 is the port which SSL connections are served over.

$errno and $errstr are variables that hold any error number or error string returned. The final argument is the connection timeout in seconds.

The fsockopen() function returns false on error, so we can add an if() statement to our code block to check the return value.

fsockopen() will return false if an SSL connection cannot be made to the host (for whatever reason).

Within our if statement, we update our $errors array to hold a true value against the ssl key.

Final function:

private function verifyURL($domain) : array
{
    #Create an array to hold the result
    $errors = array('errors' => array('ssl' => false));

    #Define variable to hold the host only
    $tld = parse_url($domain)['host'];

    #Check SSL certs by opening a socket with the ssl:// transport
    $socket = fsockopen('ssl://' . $tld, 443, $errno, $errstr, 30);

    if ($socket === false) {
        #If we're here, the SSL connection could not be made. Cannot proceed.
        $errors['errors']['ssl'] = true;
        return $errors;
    }

    #The connection was only a probe, so close it again
    fclose($socket);

    #Return our array
    return $errors;
}
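fsockopen() has no stream context argument, so the check above relies on PHP's default settings (peer and host name verification have been on by default since PHP 5.6) and cannot say why a connection failed. The following is an added example, not code from the original post: it makes verification explicit with stream_socket_client(), collects the failure reason, and reads the certificate's expiry date. The probeTls() name, its result keys and the example.com target are assumptions.

```php
<?php
// Added example, not from the original post. probeTls() and its result
// keys are hypothetical names; example.com is a placeholder target.
function probeTls(string $url, int $timeout = 5): array
{
    $result = ['ok' => false, 'host' => null, 'errors' => [], 'expires' => null];

    $host = parse_url($url, PHP_URL_HOST);
    if (!$host) {
        $result['errors'][] = 'no host found in URL';
        return $result;
    }
    $result['host'] = $host;

    $context = stream_context_create(['ssl' => [
        'verify_peer'       => true,  // chain must validate against the CA bundle
        'verify_peer_name'  => true,  // certificate must match $host
        'capture_peer_cert' => true,  // keep the leaf certificate for inspection
    ]]);

    // PHP reports connection and handshake failures as warnings; collect them
    // so the caller can see why the probe failed.
    $warnings = [];
    set_error_handler(function (int $no, string $msg) use (&$warnings): bool {
        $warnings[] = $msg;
        return true;
    });
    $socket = stream_socket_client(
        'ssl://' . $host . ':443', $errno, $errstr, $timeout,
        STREAM_CLIENT_CONNECT, $context
    );
    restore_error_handler();

    if ($socket === false) {
        // DNS failure, refused connection, timeout or failed verification.
        $result['errors'] = $warnings ?: ["connect failed: $errstr ($errno)"];
        return $result;
    }

    $options = stream_context_get_params($socket)['options'];
    $cert = openssl_x509_parse($options['ssl']['peer_certificate']);
    fclose($socket);

    $result['ok'] = true;
    $result['expires'] = gmdate('Y-m-d', $cert['validTo_time_t']);
    return $result;
}

print_r(probeTls('https://example.com/'));
```

A URL without a scheme (a bare host name) yields no host from parse_url(), so the function reports that instead of attempting a connection.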

Thomas - 10-12-2024