Summary

Verify the certificate against common name and subject alternative names

Syntax

Requests_SSL::verify_certificate( string $host, array $cert )

Description

Unfortunately, PHP doesn’t check the certificate against the alternative names, leading things like ‘‘ to be invalid. Instead

Parameters

$host
(string) (Required) Host name to verify against

$cert
(array) (Required) Certificate data from openssl_x509_parse()

Return


Source

File: wp-includes/Requests/SSL.php

	public static function verify_certificate($host, $cert) {
		// Calculate the valid wildcard match if the host is not an IP address
		$parts = explode('.', $host);
		if (ip2long($host) === false) {
			$parts[0] = '*';
		}
		$wildcard = implode('.', $parts);

		$has_dns_alt = false;

		// Check the subjectAltName
		if (!empty($cert['extensions']) && !empty($cert['extensions']['subjectAltName'])) {
			$altnames = explode(',', $cert['extensions']['subjectAltName']);
			foreach ($altnames as $altname) {
				$altname = trim($altname);
				// Skip entries that are not dNSName (they lack the 'DNS:' prefix)
				if (strpos($altname, 'DNS:') !== 0) {
					continue;
				}

				$has_dns_alt = true;

				// Strip the 'DNS:' prefix and trim whitespace
				$altname = trim(substr($altname, 4));

				// Check for a match
				if (self::match_domain($host, $altname) === true) {
					return true;
				}
			}
		}

		// Fall back to checking the common name if we didn't get any dNSName
		// alt names, as per RFC2818
		if (!$has_dns_alt && !empty($cert['subject']['CN'])) {
			// Check for a match
			if (self::match_domain($host, $cert['subject']['CN']) === true) {
				return true;
			}
		}

		return false;
	}
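
The subjectAltName-before-CN precedence in the source above, exercised with constructed certificate arrays. This is an added example, not code from WordPress or the Requests library. Assumptions: the script runs from the WordPress root so the file path listed on this page resolves, `match_domain()` accepts an exact host match, and the arrays carry only the keys `verify_certificate()` reads.

```php
<?php
// Added example. Assumption: run from the WordPress root so the file path
// given on this page resolves; adjust the path for your install.
if (!class_exists('Requests_SSL')) {
	require_once 'wp-includes/Requests/SSL.php';
}

// Constructed certificate data in the shape openssl_x509_parse() returns.
// Only the keys verify_certificate() reads are present.
$cases = array(
	'dNSName matches host' => array(
		'host'   => 'www.example.com',
		'cert'   => array(
			'subject'    => array('CN' => 'example.com'),
			'extensions' => array('subjectAltName' => 'DNS:example.com, DNS:www.example.com'),
		),
		'expect' => true,
	),
	'CN matches but a dNSName is present' => array(
		'host'   => 'example.com',
		'cert'   => array(
			'subject'    => array('CN' => 'example.com'),
			'extensions' => array('subjectAltName' => 'DNS:example.org'),
		),
		'expect' => false, // CN is ignored once any dNSName exists
	),
	'SAN without dNSName falls back to CN' => array(
		'host'   => 'example.com',
		'cert'   => array(
			'subject'    => array('CN' => 'example.com'),
			'extensions' => array('subjectAltName' => 'email:admin@example.com'),
		),
		'expect' => true,
	),
	'no SAN, CN differs' => array(
		'host'   => 'example.com',
		'cert'   => array('subject' => array('CN' => 'example.net')),
		'expect' => false,
	),
);

$failures = 0;
foreach ($cases as $label => $case) {
	$got = Requests_SSL::verify_certificate($case['host'], $case['cert']);
	$ok  = ($got === $case['expect']);
	$failures += $ok ? 0 : 1;
	printf("%-40s %s\n", $label, $ok ? 'ok' : 'MISMATCH');
}
exit($failures === 0 ? 0 : 1);
```

The second case is the one to watch when reviewing certificate handling: a matching common name does not rescue a certificate whose dNSName entries all point elsewhere.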


See also

