- // Check if the certificate is valid for this hostname
- if (parse_url($url, PHP_URL_SCHEME) == 'https') {
- $port = parse_url($url, PHP_URL_PORT) ?? 443;
-
- $context = stream_context_create(["ssl" => ['capture_peer_cert' => true]]);
-
- $resource = @stream_socket_client('ssl://' . $host . ':' . $port, $errno, $errstr, $xrd_timeout, STREAM_CLIENT_CONNECT, $context);
- if (empty($resource)) {
- Logger::notice('Invalid certificate', ['host' => $host]);
- return false;
- }
-
- $cert = stream_context_get_params($resource);
- if (empty($cert)) {
- Logger::notice('Invalid certificate params', ['host' => $host]);
- return false;
- }
-
- $certinfo = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);
- if (empty($certinfo)) {
- Logger::notice('Invalid certificate information', ['host' => $host]);
- return false;
- }
-
- $valid_from = date(DATE_RFC2822,$certinfo['validFrom_time_t']);
- $valid_to = date(DATE_RFC2822,$certinfo['validTo_time_t']);
-
- if ($certinfo['validFrom_time_t'] > time()) {
- Logger::notice('Certificate validity starts after current date', ['host' => $host, 'from' => $valid_from, 'to' => $valid_to]);
- return false;
- }
-
- if ($certinfo['validTo_time_t'] < time()) {
- Logger::notice('Certificate validity ends before current date', ['host' => $host, 'from' => $valid_from, 'to' => $valid_to]);
- return false;
- }
- }
-