php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #28382 the openssl_x509_parse function does not extract the certificate extensions
Submitted: 2004-05-13 09:28 UTC Modified: 2006-07-30 17:04 UTC
Votes:4
Avg. Score:4.8 ± 0.4
Reproduced:4 of 4 (100.0%)
Same Version:1 (25.0%)
Same OS:3 (75.0%)
From: n_sergiu at hotmail dot com Assigned: pajoye (profile)
Status: Closed Package: OpenSSL related
PHP Version: 5CVS, 4CVS (2005-02-17) OS: *
Private report: No CVE-ID: None
 [2004-05-13 09:28 UTC] n_sergiu at hotmail dot com
Description:
------------
When I use the openssl_x509_parse to parse a x509 certificate, the v3 extensions are not included in the output result.

Reproduce code:
---------------
$file = fopen("/home/sergiu/clienttest.crt", "rb");
$cert = fread($file, filesize("/home/sergiu/clienttest.crt"));
print_r(openssl_x509_parse($cert));

Expected result:
----------------
Array
(
    [name] => /C=RO/ST=Romania/L=Craiova/O=XXX/OU=Mobile/CN=teste extens
    [subject] => Array
        (
            [C] => RO
            [ST] => Romania
            [L] => Craiova
            [O] => Sergiu Software
            [OU] => Mobile
            [CN] => teste extens
        )

    [hash] => 33df1a8c
    [issuer] => Array
        (
            [C] => RO
            [ST] => Romania
            [O] => Sergiu Software
            [CN] => Sergiu Software CA
        )

    [version] => 2
    [serialNumber] => 38
    [validFrom] => 030712124551Z
    [validTo] => 040711124551Z
    [validFrom_time_t] => 1058013951
    [validTo_time_t] => 1089549951
    [purposes] => Array
        (
            [1] => Array
                (
                    [0] => 1
                    [1] =>
                    [2] => sslclient
                )

            [2] => Array
                (
                    [0] => 1
                    [1] =>
                    [2] => sslserver
                )

            [3] => Array
                (
                    [0] => 1
                    [1] =>
                    [2] => nssslserver
                )

            [4] => Array
                (
                    [0] => 1
                    [1] =>
                    [2] => smimesign
                )

            [5] => Array
                (
                    [0] => 1
                    [1] =>
                    [2] => smimeencrypt
                )

            [6] => Array
                (
                    [0] =>
                    [1] =>
                    [2] => crlsign
                )

            [7] => Array
                (
                    [0] => 1
                    [1] => 1
                    [2] => any
                )
        )
    [v3extensions] => Array
        (
            [1] => Array
                (
                    [0] => NetscapeComment
                    [1] => 1
                    [2] => For Grid use only; request tag userTag
                 )
            ...........................
        )
)


Actual result:
--------------
Array
(
    [name] => /C=RO/ST=Romania/L=Craiova/O=XXX/OU=Mobile/CN=teste extens
    [subject] => Array
        (
            [C] => RO
            [ST] => Romania
            [L] => Craiova
            [O] => Sergiu Software
            [OU] => Mobile
            [CN] => teste extens
        )

    [hash] => 33df1a8c
    [issuer] => Array
        (
            [C] => RO
            [ST] => Romania
            [O] => Sergiu Software
            [CN] => Sergiu Software CA
        )

    [version] => 2
    [serialNumber] => 38
    [validFrom] => 030712124551Z
    [validTo] => 040711124551Z
    [validFrom_time_t] => 1058013951
    [validTo_time_t] => 1089549951
    [purposes] => Array
        (
            [1] => Array
                (
                    [0] => 1
                    [1] =>
                    [2] => sslclient
                )

            [2] => Array
                (
                    [0] => 1
                    [1] =>
                    [2] => sslserver
                )

            [3] => Array
                (
                    [0] => 1
                    [1] =>
                    [2] => nssslserver
                )

            [4] => Array
                (
                    [0] => 1
                    [1] =>
                    [2] => smimesign
                )

            [5] => Array
                (
                    [0] => 1
                    [1] =>
                    [2] => smimeencrypt
                )

            [6] => Array
                (
                    [0] =>
                    [1] =>
                    [2] => crlsign
                )

            [7] => Array
                (
                    [0] => 1
                    [1] => 1
                    [2] => any
                )
        )
)


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-05-13 10:14 UTC] n_sergiu at hotmail dot com
I managed to insert some line of code in openssl.c, but I would like to see these changes in the next version of php.

PHP_FUNCTION(openssl_x509_parse)
{
        ...
	X509_EXTENSION *extension;
	ASN1_OCTET_STRING *extdata;
	char extstr[20];
	int nid;

        ...
	for (i = 0; i < X509_get_ext_count(cert); i++) {
	    extension = X509_get_ext(cert, i);
	    extdata = X509_EXTENSION_get_data(extension);
	    sprintf(extstr, "ext%i", i);
	    add_assoc_asn1_string(return_value, extstr, extdata);
	}
        /* This is an extension I used for IP address */
	nid = OBJ_create_and_add_object("1.2.3.4", "IP", "Client IP Address");
	extension = X509_get_ext(cert, X509_get_ext_by_NID(cert, nid, 0));
	extdata = X509_EXTENSION_get_data(extension);
	add_assoc_asn1_string(return_value, "1.2.3.4", extdata);
        ...
}
 [2004-05-14 08:46 UTC] n_sergiu at hotmail dot com
Sorry, the error is still there. No v3 extensions are returned by the openssl_x509_parse function.
 [2004-05-14 15:38 UTC] iliaa@php.net
Please provide the applicable certificate file so that we 
have something to test the code with. 
 [2004-05-14 15:47 UTC] n_sergiu at hotmail dot com
Here is a certificate for testing:

-----BEGIN CERTIFICATE-----
MIIEoDCCBAmgAwIBAgIBJzANBgkqhkiG9w0BAQQFADCBkDELMAkGA1UEBhMCUk8x
EDAOBgNVBAgTB1JvbWFuaWExEDAOBgNVBAcTB0NyYWlvdmExDzANBgNVBAoTBlNl
cmdpdTETMBEGA1UECxMKU2VyZ2l1IFNSTDESMBAGA1UEAxMJU2VyZ2l1IENBMSMw
IQYJKoZIhvcNAQkBFhRuX3NlcmdpdUBob3RtYWlsLmNvbTAeFw0wNDA1MTQxMzM0
NTZaFw0wNTA1MTQxMzM0NTZaMIGaMQswCQYDVQQGEwJSTzEQMA4GA1UECBMHUm9t
YW5pYTEQMA4GA1UEBxMHQ3JhaW92YTETMBEGA1UEChMKU2VyZ2l1IFNSTDETMBEG
A1UECxMKU2VyZ2l1IFNSTDEYMBYGA1UEAxMPU2VyZ2l1IHBlcnNvbmFsMSMwIQYJ
KoZIhvcNAQkBFhRuX3NlcmdpdUBob3RtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF
AAOBjQAwgYkCgYEApNj7XXz8T8FcLIWpBniPYom3QcT6T7u0xRPHqtqzj5oboBYp
DJe5d354/y0gJTpiLt8+fTrPgWXnbHm3pOHgXzTcX6Arani0GDU0/xDi4VkCRGcS
YqX2sJpcDzAbmK9UDMt3xf/O1B8AJan3RfO0Bm3ozTEPziLMkmsiYr5b/L8CAwEA
AaOCAfwwggH4MAkGA1UdEwQCMAAwNQYJYIZIAYb4QgENBCgWJkZvciBHcmlkIHVz
ZSBvbmx5OyByZXF1ZXN0IHRhZyB1c2VyVGFnMBEGCWCGSAGG+EIBAQQEAwIF4DA/
BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vbW9iaWxlLmJsdWUtc29mdHdhcmUucm86
OTAvY2EvY3JsLnNodG1sMDUGCWCGSAGG+EIBCAQoFiZodHRwOi8vbW9iaWxlLmJs
dWUtc29mdHdhcmUucm86OTAvcHViLzAhBgNVHREEGjAYgRZzZXJnaXVAYmx1ZXNv
ZnR3YXJlLnJvMB0GA1UdDgQWBBSwp//5QRXeIzm93TEPl6CyonTg/DCBpwYDVR0j
BIGfMIGcoYGWpIGTMIGQMQswCQYDVQQGEwJSTzEQMA4GA1UECBMHUm9tYW5pYTEQ
MA4GA1UEBxMHQ3JhaW92YTEPMA0GA1UEChMGU2VyZ2l1MRMwEQYDVQQLEwpTZXJn
aXUgU1JMMRIwEAYDVQQDEwlTZXJnaXUgQ0ExIzAhBgkqhkiG9w0BCQEWFG5fc2Vy
Z2l1QGhvdG1haWwuY29tggEAMAsGA1UdDwQEAwIE8DAjBglghkgBhvhCAQIEFhYU
aHR0cDovLzYyLjIzMS45OC41Mi8wCwYDKgMEBAQ+52I0MA0GCSqGSIb3DQEBBAUA
A4GBAIBIOJ+iiLyQfNJEY+IMefayQea0nmuXYY+F+L1DFjSC7xChytgYoPNnKkhh
3dWPtxbswiqKYUnGi6y3Hi4UhDsOaDW29t2S305hSc2qgjOiNtRYQIVYQ8EHG1k7
Fl63S7uCOhnVJt+4MnUK1N6/pwgsp+Z2GvEsDG1qCKnvNpf6
-----END CERTIFICATE-----
 [2006-07-30 17:04 UTC] pajoye@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2012-02-05 09:32 UTC] rasmus@php.net
Automatic comment from SVN on behalf of rasmus
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=323070
Log: According to the reports on qa this test is failing the same way for everyone.
See: http://qa.php.net/reports/viewreports.php?version=5.3.10&amp;test=%2Fext%2Fopenssl%2Ftests%2Fbug28382.phpt
I'm not sure if this is due to a change in the openssl library or in the extension, so perhaps the test
itself needs to change, but for now synch it with the new output and watch for failures.
 [2012-03-27 13:40 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=5f6bed180ea7fc6d33c3d02ccbb9bd4f9fadd465
Log: Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 [2012-03-27 14:40 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e55718b09121c79f3a6b0cfb7c446112fb378402
Log: Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 [2012-03-27 14:41 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=7fdd35d697765680050dc81114444d2772962698
Log: Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 [2012-03-27 16:11 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e55718b09121c79f3a6b0cfb7c446112fb378402
Log: Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 [2012-03-27 16:26 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e55718b09121c79f3a6b0cfb7c446112fb378402
Log: Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 [2012-03-27 16:26 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=7fdd35d697765680050dc81114444d2772962698
Log: Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 [2012-03-29 04:23 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e55718b09121c79f3a6b0cfb7c446112fb378402
Log: Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 [2012-03-29 04:23 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=7fdd35d697765680050dc81114444d2772962698
Log: Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 [2012-04-18 09:45 UTC] laruence@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=5f6bed180ea7fc6d33c3d02ccbb9bd4f9fadd465
Log: Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 [2012-07-24 23:36 UTC] rasmus@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=5f6bed180ea7fc6d33c3d02ccbb9bd4f9fadd465
Log: Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 [2013-11-17 09:33 UTC] laruence@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=5f6bed180ea7fc6d33c3d02ccbb9bd4f9fadd465
Log: Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 [2014-10-07 23:28 UTC] stas@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=e55718b09121c79f3a6b0cfb7c446112fb378402
Log: Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 [2014-10-07 23:28 UTC] stas@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=7fdd35d697765680050dc81114444d2772962698
Log: Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 [2014-10-07 23:39 UTC] stas@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=e55718b09121c79f3a6b0cfb7c446112fb378402
Log: Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 [2014-10-07 23:39 UTC] stas@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=7fdd35d697765680050dc81114444d2772962698
Log: Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 09:01:32 2024 UTC