jinomial / laravel-ssl
An SSL service for Laravel
Requires
- php: 8.2 - 8.4
- guzzlehttp/guzzle: ^7.9
- illuminate/contracts: ^11.44 || ^12.1
Requires (Dev)
- mockery/mockery: ^1.6
- orchestra/testbench: ^9.11 || ^10.0
- pestphp/pest: ^3.7
- pestphp/pest-plugin-laravel: ^3.0
This package is auto-updated.
Last update: 2025-07-06 02:26:13 UTC
README
An SSL/TLS service and facade for Laravel. Capture peer certificates using 'openssl' or 'stream' drivers, or create your own driver.
Driver | Description |
---|---|
openssl | Executes the openssl command |
stream | PHP's stream_*() functions |
Installation
Install the package via composer:
composer require jinomial/laravel-ssl
The default configuration is to use the openssl driver.
'openssl' => [ 'driver' => 'openssl', ],
Publish the config file to change the default driver:
php artisan vendor:publish --provider="Jinomial\LaravelSsl\SslServiceProvider" --tag="laravel-ssl-config"
Usage
Capture the certificate of jinomial.com:443 using the default driver:
$response = Ssl::show('jinomial.com', 443); print_r($response); // > Response varies by driver
Use a specific driver:
$response = Ssl::driver('stream')->show('jinomial.com', '443', [ // Get the certificate only without the CA Chain. Jinomial\LaravelSsl\Drivers\Stream::OPTION_CHAIN => false, ]);
Multiple lookups at once:
$response = Ssl::show([ ['host' => 'jinomial.com', 'port' => '443'], ['host' => 'www2.jinomial.com', 'port' => '8443'], ]);
openssl driver responses
The openssl driver executes the openssl binary (must be in your $PATH) to retrieve the X509 certificate.
Each response is indexed.
certificate
is the return value from openssl_x509_parse()
.
verification
contains the verification code and verification message.
Array
(
[0] => Array
(
[certificate] => Array
(
[name] => /C=US/ST=California/L=San Francisco/O=Cloudflare, Inc./CN=sni.cloudflaressl.com
[subject] => Array
(
[C] => US
[ST] => California
[L] => San Francisco
[O] => Cloudflare, Inc.
[CN] => sni.cloudflaressl.com
)
[hash] => c959965e
[issuer] => Array
(
[C] => US
[O] => Cloudflare, Inc.
[CN] => Cloudflare Inc ECC CA-3
)
[version] => 2
[serialNumber] => 7490133585878873344260773043003356172
[serialNumberHex] => 05A28C18F8F74ACBCCF6A4542736740C
[validFrom] => 211004000000Z
[validTo] => 221003235959Z
[validFrom_time_t] => 1633305600
[validTo_time_t] => 1664841599
[signatureTypeSN] => ecdsa-with-SHA256
[signatureTypeLN] => ecdsa-with-SHA256
[signatureTypeNID] => 794
[purposes] => Array
(
[1] => Array
(
[0] => 1
[1] =>
[2] => sslclient
)
[2] => Array
(
[0] => 1
[1] =>
[2] => sslserver
)
[3] => Array
(
[0] =>
[1] =>
[2] => nssslserver
)
[4] => Array
(
[0] =>
[1] =>
[2] => smimesign
)
[5] => Array
(
[0] =>
[1] =>
[2] => smimeencrypt
)
[6] => Array
(
[0] =>
[1] =>
[2] => crlsign
)
[7] => Array
(
[0] => 1
[1] => 1
[2] => any
)
[8] => Array
(
[0] => 1
[1] =>
[2] => ocsphelper
)
[9] => Array
(
[0] =>
[1] =>
[2] => timestampsign
)
)
[extensions] => Array
(
[authorityKeyIdentifier] => keyid:A5:CE:37:EA:EB:B0:75:0E:94:67:88:B4:45:FA:D9:24:10:87:96:1F
[subjectKeyIdentifier] => 1B:20:D1:CD:00:32:24:77:9F:F8:22:94:0F:B6:48:7F:39:B1:BE:C8
[subjectAltName] => DNS:*.jinomial.com, DNS:sni.cloudflaressl.com, DNS:jinomial.com
[keyUsage] => Digital Signature
[extendedKeyUsage] => TLS Web Server Authentication, TLS Web Client Authentication
[crlDistributionPoints] =>
Full Name:
URI:http://crl3.digicert.com/CloudflareIncECCCA-3.crl
Full Name:
URI:http://crl4.digicert.com/CloudflareIncECCCA-3.crl
[certificatePolicies] => Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
[authorityInfoAccess] => OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/CloudflareIncECCCA-3.crt
[basicConstraints] => CA:FALSE
[ct_precert_scts] => Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 46:A5:55:EB:75:FA:91:20:30:B5:A2:89:69:F4:F3:7D:
11:2C:41:74:BE:FD:49:B8:85:AB:F2:FC:70:FE:6D:47
Timestamp : Oct 4 22:14:44.288 2021 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:48:67:EF:28:F6:F2:B7:C8:F5:0D:7C:3D:
21:7B:D3:C9:37:4E:B2:7C:AC:70:22:9D:7F:4C:75:D1:
27:97:89:9C:02:21:00:D9:44:6B:10:0B:F0:6E:2D:99:
79:77:D7:C8:91:51:C5:E9:50:92:13:EE:99:80:50:FF:
CB:BD:E6:87:5F:47:A6
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 51:A3:B0:F5:FD:01:79:9C:56:6D:B8:37:78:8F:0C:A4:
7A:CC:1B:27:CB:F7:9E:88:42:9A:0D:FE:D4:8B:05:E5
Timestamp : Oct 4 22:14:44.292 2021 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:02:92:85:B2:A1:C6:09:18:E5:F4:48:12:
32:C9:D6:FF:AE:F8:85:DC:E0:06:0D:CB:86:62:5C:E1:
24:6B:F3:7D:02:20:03:20:01:0B:91:19:AD:4A:87:18:
FA:5F:A3:98:13:95:CD:EC:8E:1D:63:22:EB:6A:E2:FE:
33:BC:B1:D8:6C:6B
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 41:C8:CA:B1:DF:22:46:4A:10:C6:A1:3A:09:42:87:5E:
4E:31:8B:1B:03:EB:EB:4B:C7:68:F0:90:62:96:06:F6
Timestamp : Oct 4 22:14:44.184 2021 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:C3:35:6C:A6:27:01:94:88:CF:85:C6:
3D:33:06:08:DE:BB:14:61:D4:34:8C:AD:A4:24:1B:0F:
FB:A7:17:13:EA:02:21:00:AE:AB:D7:C2:22:B6:FA:FE:
7E:20:DA:94:44:18:41:91:DB:98:AC:EA:F8:03:36:57:
D5:7C:33:4B:71:03:05:9B
)
)
[verification] => Array
(
[code] => 0
[message] => ok
)
)
)
The id-ad-caIssuers property can be followed to get the issuer certificate:
$response = Ssl::show( 'http://cacerts.digicert.com/CloudflareIncECCCA-3.crt', 443, ['id-ad-caIssuers' => true] );
stream driver responses
The stream driver uses PHP's stream_*
functions and SSL context to capture entire peer certificate chains.
Each response is indexed. The subindex is the chain sequence with 0 being the host, 1 being the issuer (if not self signed), etc. Results are the return value from openssl_x509_parse()
.
Custom Drivers
Create a class that extends Jinomial\LaravelSsl\Drivers\Driver
.
Implement public function show()
according to the Jinomial\LaravelSsl\Contracts\Ssl\Driver
contract.
Register a driver factory with the Jinomial\LaravelSsl\SslManager
.
/** * Application service provider bootstrap for package services. * * \App\Ssl\Drivers\SslCapture is my custom driver class I made. * The SslManager needs to know how to construct it. */ public function boot(): void { $sslLoader = $this->app->get(\Jinomial\LaravelSsl\SslManager::class); $driverName = 'my-custom-driver'; $sslLoader->extend($driverName, function () use ($driverName) { return new \App\Ssl\Drivers\SslCapture($driverName); }); }
Testing
Run all tests:
composer test
Test suites are separated into "unit" and "integration". Run each suite:
composer test:unit composer test:integration
Tests are grouped into the following groups:
- network
- drivers
- openssl
- manager
- facades
- commands
Run tests for groups:
composer test -- --include=manager,facades
Network tests make remote calls that can take time or fail. Exclude them:
composer test:unit -- --exclude=network
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security Vulnerabilities
Please review our security policy on how to report security vulnerabilities.
Credits
License
The MIT License (MIT). Please see License File for more information.