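/**
 * Check a certificate's serial number against the CRL published at the first
 * http(s) URI found in its crlDistributionPoints extension.
 *
 * The CRL is downloaded to a temporary file, dumped with the `openssl crl`
 * command-line tool, and its "Revoked Certificates:" section is searched for
 * the certificate's serial number. Only the first http(s) URI is consulted;
 * the function returns as soon as it has been processed.
 *
 * Security notes for maintainers:
 *  - The CRL URI is taken from the certificate under inspection, so it is
 *    untrusted input: it drives an outbound request from this server and it
 *    ends up in the returned markup. Both uses are constrained below.
 *  - NOTE(review): the CRL signature is not verified against the issuing CA
 *    (openssl is only asked to print the CRL), and nextUpdate is reported but
 *    not compared with the current time. A "not revoked" answer is therefore
 *    only as trustworthy as the transport - confirm whether that is acceptable.
 *  - NOTE(review): nothing here stops the URI from pointing at loopback or
 *    internal addresses; consider a destination allow/deny list at the caller
 *    or at the egress proxy.
 *
 * @param string $raw_cert_data Certificate in a form openssl_x509_parse() accepts.
 * @param bool   $verbose       When false, an empty string is returned instead of a status line.
 *
 * @return string|false|null Status fragment (or "" when not verbose); false when
 *                           the CRL could not be stored or is shorter than 10 bytes;
 *                           null when the certificate has no usable http(s) CRL URI.
 */
function crl_verify($raw_cert_data, $verbose=true) {
    $cert_data = openssl_x509_parse($raw_cert_data);
    if ($cert_data === false
        || !isset($cert_data['serialNumber'])
        || !isset($cert_data['extensions']['crlDistributionPoints'])) {
        // Unparseable certificate or no CRL distribution point: nothing to check.
        return null;
    }

    // bcdechex() is defined elsewhere in the project. Presumably it emits no
    // leading zeros, whereas openssl prints CRL serials as whole bytes, so both
    // sides are normalised (upper case, leading zeros stripped) before comparing.
    $cert_serial_nm = ltrim(strtoupper(bcdechex($cert_data['serialNumber'])), '0');

    // The extension text holds one "Full Name:" section per distribution point,
    // each with one or more "URI:" entries; collect them with whitespace removed.
    $crl_uris = [];
    foreach (explode("\nFull Name:\n ", $cert_data['extensions']['crlDistributionPoints']) as $dist_point) {
        foreach (explode("URI:", $dist_point) as $candidate) {
            if (!empty($candidate)) {
                $crl_uris[] = preg_replace('/\s+/', '', $candidate);
            }
        }
    }

    foreach ($crl_uris as $uri) {
        // Accept http:// and https:// only; a bare "http" prefix test would also
        // let through other schemes that merely start with those letters.
        if (empty($uri) || preg_match('#^https?://#i', $uri) !== 1) {
            continue;
        }

        // tempnam() creates a uniquely named file owned by this process, which
        // avoids writing through a predictable (pre-creatable or symlinked) name.
        $crl_file = tempnam(sys_get_temp_dir(), 'crl');
        if ($crl_file === false) {
            return false;
        }
        $fp = fopen($crl_file, 'w+');
        if ($fp === false) {
            unlink($crl_file);
            return false;
        }

        $ch = curl_init($uri);
        curl_setopt($ch, CURLOPT_TIMEOUT, 5);
        curl_setopt($ch, CURLOPT_FILE, $fp);
        curl_setopt($ch, CURLOPT_FAILONERROR, true);
        curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
        // Keep TLS verification on: the CRL content is not signature-checked
        // here, so the transport is the only integrity protection for https URIs.
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        // Redirects are followed, but only a bounded number and only to http(s),
        // so a redirect cannot switch the request to another protocol handler.
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
        curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
        curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
        if (curl_exec($ch) === false) {
            echo "\nCurl error: " . htmlspecialchars(curl_error($ch)) . "";
        }
        curl_close($ch);

        // Close the handle so the data is flushed before the size is read.
        fclose($fp);
        clearstatcache(true, $crl_file);
        if (filesize($crl_file) < 10) {
            // Too small to be a CRL (failed or empty download); do not leave the file behind.
            unlink($crl_file);
            return false;
        }

        // The path is generated locally, but it is still passed as one quoted argument.
        $crl_arg = escapeshellarg($crl_file);
        $crl_text = (string) shell_exec("openssl crl -noout -text -inform der -in " . $crl_arg . " 2>&1");
        $crl_last_update = (string) shell_exec("openssl crl -noout -lastupdate -inform der -in " . $crl_arg);
        $crl_next_update = (string) shell_exec("openssl crl -noout -nextupdate -inform der -in " . $crl_arg);
        unlink($crl_file);

        // The URI and everything read back from the CRL are attacker-influenced
        // and are placed into markup by the caller, so encode them for HTML.
        $html_flags = ENT_QUOTES | ENT_SUBSTITUTE;
        $safe_uri = htmlspecialchars($uri, $html_flags, 'UTF-8');
        $safe_last_update = htmlspecialchars($crl_last_update, $html_flags, 'UTF-8');
        $safe_next_update = htmlspecialchars($crl_next_update, $html_flags, 'UTF-8');

        // NOTE(review): this matches one specific openssl error message; the
        // wording may differ between openssl versions - confirm on the deployed one.
        if (strpos($crl_text, "unable to load CRL") === 0) {
            if (!$verbose) {
                return "";
            }
            return " - CRL invalid. (" . $safe_uri . ")\n" . htmlspecialchars($crl_text) . "";
        }

        // Everything after "Revoked Certificates:" is the entry list. The marker
        // is absent when the CRL lists no revocations; treat that as an empty list.
        $crl_sections = explode("Revoked Certificates:", $crl_text);
        $revoked_block = isset($crl_sections[1]) ? $crl_sections[1] : "";

        // Map of normalised serial => revocation date text.
        $revcert = [];
        foreach (explode("Serial Number:", $revoked_block) as $entry) {
            if (empty($entry)) {
                continue;
            }
            // First line of an entry is the serial, second line the revocation date.
            $entry_lines = explode("\n", $entry);
            $entry_serial = str_replace(" ", "", $entry_lines[0]);
            if ($entry_serial === "" || !isset($entry_lines[1])) {
                // Text preceding the first entry, or a truncated entry.
                continue;
            }
            $revcert[ltrim(strtoupper($entry_serial), '0')] = str_replace(" Revocation Date: ", "", $entry_lines[1]);
        }

        if (!$verbose) {
            return "";
        }
        if (array_key_exists($cert_serial_nm, $revcert)) {
            return " - REVOKED on " . htmlspecialchars($revcert[$cert_serial_nm], $html_flags, 'UTF-8') . ". " . $safe_uri . "\n" . $safe_last_update . " " . $safe_next_update . "";
        }
        return " - " . $safe_uri . "\n" . $safe_last_update . " " . $safe_next_update . "";
    }

    // No http(s) CRL URI was found in the certificate.
    return null;
}
?>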