how to check if ssl exists on a webserver through php?

Question

I have this function in a class:

function enable_ssl() {
    if ($_SERVER[HTTPS] != "on") {
        $domain = "https://".$_SERVER['HTTP_HOST'] . "/" . $_SERVER['SCRIPT_NAME'];
        header("Location: {$domain}");
    }
}

The problem is that when the server doesn't have SSL installed and I have this function initiating the page redirects to a 404 page. I was wondering how I can have this function work only when SSL is installed and working?

Is it possible?

Thanks.

P.S.: I did some Google research but couldn't find much of anything.

Answer 1

I have used the code below

$file ="https://mydomain/index.php";        
$file_headers = @get_headers($file);
$DomainName=(!$file_headers || $file_headers[0] == 'HTTP/1.1 404 Not Found')?'http://mydomain':'https://mydomain';

This basically checks if a file can be found (accessed) via HTTPS.

Answer 2

I just use file_get_contents to try and open the same file via https and if it was successful, force a redirect...

    function IsHttps() 
    { 
        return 
            (!empty($_SERVER["HTTPS"]) && (strtolower($_SERVER["HTTPS"])!=="off")) 
            || ($_SERVER["SERVER_PORT"]==443); 
    }

    if (!IsHttps() && extension_loaded("openssl"))
    {
        $target = "https://".$_SERVER["HTTP_HOST"].$_SERVER["PHP_SELF"];
        ini_set("allow_url_fopen", true);
        if (file_get_contents($target)!==false) 
        { 
            header("Location: https://".$_SERVER["HTTP_HOST"].$_SERVER["URL"]); 
            die(); 
        }
    }

Answer 3

This is how wordpress does it:

<?php
function is_ssl() {
if ( isset($_SERVER['HTTPS']) ) {
return true;
if ( '1' == $_SERVER['HTTPS'] )
return true;
} elseif ( isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ) ) {
return true;
}
return false;
}
?>

You can use your validation in between 'return true' stuff! Go to: http://tutes.in/2012/02/13/check-if-ssl-exists-on-a-webserver-through-php/ for explanation and more detailed source code.

Answer 4

Extension Loaded!

http://php.net/manual/en/function.extension-loaded.php

e.g.

if(!extension_loaded('openssl'))
{
    throw new Exception('This app needs the Open SSL PHP extension.');
}

Answer 5

I use xampp as my development server on my laptop. I have yet to set up a SSL connection on xampp. My production server does have SSL enabled and also has a valid cert.

I noticed that $_SERVER['HTTPS'] does not exist on my xampp development server, but does exist on my production server.

I am assuming (perhaps incorrectly) that if $_SERVER['HTTPS'] is not set, SSL is not enabled on the server.

<?php

if (isset($_SERVER['HTTPS')) echo 'SSL Exists'
else echo 'No SSL'

?>

Answer 6

You can try to connect to the server using curl. However, I would also try to do a config option. If you use the below, make sure you don't cause an infinite loop.

function ignoreHeader($curl, $headerStr)
{
  return strlen($headerStr);
}

$curl = curl_init("https://example.com/");
curl_setopt($curl, CURLOPT_NOBODY, TRUE);
curl_setopt($curl, CURL_HEADERFUNCTION, 'ignoreHeader');
curl_exec($curl);
$res = curl_errno($curl);

if($res == 0)
{
  $info = curl_getinfo($curl);
  if($info['http_code'] == 200)
  {
    # Supports SSL
    enable_ssl();
  }
}
else
{
  # Doesn't.
}

Answer 7

two ideas

1. Setup a socket connection to port 443 and see if it connects.
2. Read through an apache config file and see if there's anything listening on that port

Answer 8

On a *nix server, you could try parsing the output of netstat -A inet -lnp for a web server listening on port 443. Kinda clunky.

Better option, I'd say, is to make it a configuration option for the user. Let them tell your app if they've got HTTPS enabled.