<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Verifies the signature of an S/MIME signed message</title>
</head>
<body><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="function.openssl-pkcs7-sign.html">openssl_pkcs7_sign</a></div>
<div class="next" style="text-align: right; float: right;"><a href="function.openssl-pkey-export-to-file.html">openssl_pkey_export_to_file</a></div>
<div class="up"><a href="ref.openssl.html">OpenSSL Functions</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div><hr /><div id="function.openssl-pkcs7-verify" class="refentry">
<div class="refnamediv">
<h1 class="refname">openssl_pkcs7_verify</h1>
<p class="verinfo">(PHP 4 >= 4.0.6, PHP 5)</p><p class="refpurpose"><span class="refname">openssl_pkcs7_verify</span> — <span class="dc-title">Verifies the signature of an S/MIME signed message</span></p>
</div>
<div class="refsect1 description" id="refsect1-function.openssl-pkcs7-verify-description">
<h3 class="title">Description</h3>
<div class="methodsynopsis dc-description">
<span class="type"><a href="language.pseudo-types.html#language.types.mixed" class="type mixed">mixed</a></span> <span class="methodname"><strong>openssl_pkcs7_verify</strong></span>
( <span class="methodparam"><span class="type">string</span> <code class="parameter">$filename</code></span>
, <span class="methodparam"><span class="type">int</span> <code class="parameter">$flags</code></span>
[, <span class="methodparam"><span class="type">string</span> <code class="parameter">$outfilename</code></span>
[, <span class="methodparam"><span class="type">array</span> <code class="parameter">$cainfo</code></span>
[, <span class="methodparam"><span class="type">string</span> <code class="parameter">$extracerts</code></span>
[, <span class="methodparam"><span class="type">string</span> <code class="parameter">$content</code></span>
]]]] )</div>
<p class="para rdfs-comment">
<span class="function"><strong>openssl_pkcs7_verify()</strong></span> reads the S/MIME message
contained in the given file and examines the digital signature.
</p>
</div>
<div class="refsect1 parameters" id="refsect1-function.openssl-pkcs7-verify-parameters">
<h3 class="title">Parameters</h3>
<p class="para">
<dl>
<dt>
<span class="term"><em><code class="parameter">filename</code></em></span>
<dd>
<p class="para">
Path to the message.
</p>
</dd>
</dt>
<dt>
<span class="term"><em><code class="parameter">flags</code></em></span>
<dd>
<p class="para">
<em><code class="parameter">flags</code></em> can be used to affect how the signature is
verified - see <a href="openssl.pkcs7.flags.html" class="link">PKCS7 constants</a>
for more information.
</p>
</dd>
</dt>
<dt>
<span class="term"><em><code class="parameter">outfilename</code></em></span>
<dd>
<p class="para">
If the <em><code class="parameter">outfilename</code></em> is specified, it should be a
string holding the name of a file into which the certificates of the
persons that signed the messages will be stored in PEM format.
</p>
</dd>
</dt>
<dt>
<span class="term"><em><code class="parameter">cainfo</code></em></span>
<dd>
<p class="para">
If the <em><code class="parameter">cainfo</code></em> is specified, it should hold
information about the trusted CA certificates to use in the verification
process - see <a href="openssl.cert.verification.html" class="link">certificate
verification</a> for more information about this parameter.
</p>
</dd>
</dt>
<dt>
<span class="term"><em><code class="parameter">extracerts</code></em></span>
<dd>
<p class="para">
If the <em><code class="parameter">extracerts</code></em> is specified, it is the filename
of a file containing a bunch of certificates to use as untrusted CAs.
</p>
</dd>
</dt>
<dt>
<span class="term"><em><code class="parameter">content</code></em></span>
<dd>
<p class="para">
You can specify a filename with <em><code class="parameter">content</code></em> that will
be filled with the verified data, but with the signature information
stripped.
</p>
</dd>
</dt>
</dl>
</p>
</div>
<div class="refsect1 returnvalues" id="refsect1-function.openssl-pkcs7-verify-returnvalues">
<h3 class="title">Return Values</h3>
<p class="para">
Returns <strong><code>TRUE</code></strong> if the signature is verified, <strong><code>FALSE</code></strong> if it is not correct
(the message has been tampered with, or the signing certificate is invalid),
or -1 on error.
</p>
</div>
<div class="refsect1 changelog" id="refsect1-function.openssl-pkcs7-verify-changelog">
<h3 class="title">Changelog</h3>
<p class="para">
<table class="doctable informaltable">
<thead>
<tr>
<th>Version</th>
<th>Description</th>
</tr>
</thead>
<tbody class="tbody">
<tr>
<td>5.1.0</td>
<td>
The <em><code class="parameter">content</code></em> parameter was added.
</td>
</tr>
</tbody>
</table>
</p>
</div>
<div class="refsect1 notes" id="refsect1-function.openssl-pkcs7-verify-notes">
<h3 class="title">Notes</h3>
<blockquote class="note"><p><strong class="note">Note</strong>:
<span class="simpara">
As specified in RFC 2045, lines may not be longer than 76 characters
in the <em><code class="parameter">filename</code></em> parameter.
</span>
</p></blockquote>
</div>
</div><hr /><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="function.openssl-pkcs7-sign.html">openssl_pkcs7_sign</a></div>
<div class="next" style="text-align: right; float: right;"><a href="function.openssl-pkey-export-to-file.html">openssl_pkey_export_to_file</a></div>
<div class="up"><a href="ref.openssl.html">OpenSSL Functions</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div></body></html>
