PHP :: Doc Bug #19820 :: openssl_csr

Doc Bug #19820

openssl_csr_sign

Submitted:

2002-10-08 12:41 UTC

Modified:

2002-12-10 14:23 UTC

Votes:	1
Avg. Score:	3.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

satriani at intax dot pl

Assigned:

wez (profile)

Status:

Closed

Package:

Documentation problem

PHP Version:

4.2.3

OS:

linux PLD

Private report:

CVE-ID:

None

View Developer Edit

[2002-10-08 12:41 UTC] satriani at intax dot pl

<?php
$dn = array(
        "countryName" => "UK",
        "stateOrProvinceName" => "Somerset",
        "localityName" => "Glastonbury",
        "organizationName" => "The Brain Room Limited",
        "organizationalUnitName" => "kontrahent",
        "commonName" => "Janusz Flak",
        "emailAddress" => "wez@thebrainroom.com"
);

$privkey = openssl_pkey_new();
$csr = openssl_csr_new( $dn, $privkey);

$CA_CERT = "file://cacert.pem"; 

$fp = fopen("cakey.pem", "r");
$priv_key = fread($fp, 8192);
fclose($fp);

$pass = 'abracadabra';

$pkeyid = openssl_get_privatekey($priv_key,$pass);

$sscert = openssl_csr_sign($csr, $CA_CERT, $pkeyid, 365);
?>

When $pass == ''
 I have error

Warning: cannot get private key from parameter 3 in  /home/httpd/test.php on
line 32
error:0906A068:PEM routines:PEM_do_header:bad password read

WHEN strlen($pass) > 0 and pass is true
I have "Page not found" or delay.

WHEN strlen($pass) > 0 and pass is bad
I have

Warning: cannot get private key from parameter 3 in /home/httpd/test.php on
line 32
error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt
error:0906A065:PEM routines:PEM_do_header:bad decrypt

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-12-07 01:39 UTC] iliaa@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip

[2002-12-10 05:55 UTC] wez@php.net

This is really a user error, but it's understandable given that the documentation for openssl is not very good.

So I'm making this a documentation problem, and will do something about that.

I think that a script like the following will be more useful to you.
I tried a few variations on this myself, and this is the one that worked for me.  I'm using the PHP 4.3 release candidate, but it should work just fine under 4.2 (there have been no significant changes in the openssl ext).

The openssl_*_export functions also have a corresponding openssl_*_export_to_file() function that will save the cert/csr/key to a file instead of a variable.

<?php
   error_reporting(E_ALL);

   /* You should fill in the gaps with your data; using my company name
    * is not going to be much use for you. */
   $dn = array(
           "countryName" => "UK",
           "stateOrProvinceName" => "Somerset",
           "localityName" => "Glastonbury",
           "organizationName" => "The Brain Room Limited",
           "organizationalUnitName" => "Research and Development",
           "commonName" => "Wez Furlong",
           "emailAddress" => "wez@thebrainroom.com"
   );

   /* generate a CSR and a new private key */

   $privkey = openssl_pkey_new();
   $csr = openssl_csr_new($dn, $privkey);
   debug_zval_dump($privkey);
   /* generate a self-signed cert */
   $sscert = openssl_csr_sign($csr, null, $privkey, 365);
   debug_zval_dump($sscert);

   /* save the CSR and CERT and private key */
   openssl_csr_export($csr, $csrout) and debug_zval_dump($csrout);
   openssl_x509_export($sscert, $certout) and debug_zval_dump($certout);
   openssl_pkey_export($privkey, $pkeyout, "mypassword") and debug_zval_dump($pkeyout);

   while (($e = openssl_error_string()) !== false) {
       echo $e . "\n";
   }

   exit(0);

   ?>

[2002-12-10 14:23 UTC] wez@php.net

This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

I added more detailed information to the english manual.
It will be visible online (and in the downloadable docs) just as soon as they are rebuilt.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Nov 19 14:00:01 2025 UTC