PHP :: Bug #18613 :: [PATCH] Multiple OU in x509 certificate problem

Bug #18613

[PATCH] Multiple OU in x509 certificate problem

Submitted:

2002-07-28 10:37 UTC

Modified:

2005-03-14 22:01 UTC

Votes:	2
Avg. Score:	5.0 ± 0.0
Reproduced:	2 of 2 (100.0%)
Same Version:	1 (50.0%)
Same OS:	1 (50.0%)

From:

agoralski at certum dot pl

Assigned:

wez (profile)

Status:

Closed

Package:

OpenSSL related

PHP Version:

4CVS-2004-04-12

OS:

Linux 2.4.18-grsec

Private report:

CVE-ID:

None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	agoralski at certum dot pl
New email:
PHP Version:		OS:

New/Additional Comment:

[2002-07-28 10:37 UTC] agoralski at certum dot pl

When the certificate has more that one OU (organizationalUnit), the openssl_x509_parse function will return only the last one.

Proposal:

The openssl_x509_parse should return:

[subject][OU][0]='First OU'
[subject][OU][1]='Second OU'

When there is only one OU field the openssl_x509_parse should return:

[subject][OU]='First and only OU'

It's up to the user to check if [subject][OU] is an array IMO.

We can submit a patch :)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-04-06 12:32 UTC] allins at nosc dot mil

verified on RedHat 9, PHP 4.2.2
output from var_dump of array after openssl_x509_parse was performed. 
There should have been an ["OU"]=> "DoD" before the PKI line

["issuer"]=>
  array(4) {
    ["C"]=>
    string(2) "US"
    ["O"]=>
    string(15) "U.S. Government"
    ["OU"]=>
    string(3) "PKI"
    ["CN"]=>
    string(22) "DOD CLASS 3 EMAIL CA-7"

[2004-04-07 03:05 UTC] agoralski at certum dot pl

Multiple OUs are visible in "name" after openssl_x509_parse so here's a quick & dirty workaround:

function get_ous($data) {
    if (strlen(strstr($data,'/OU='))>0) {
        $parts=explode('=', $data);

        for ($i=0, $j=count($parts); $i<$j; $i++) {
            if ($i>0) {
                if (substr($parts[$i-1], strrpos($parts[$i-1], '/')+1)=='OU') {
                    $ret[]=substr($parts[$i], 0, strrpos($parts[$i], '/'));
                }
            }
        }
        return $ret;
    } else {
        return false;
    }
}

$cert=openssl_x509_parse($crt);
$ous=get_ous($cert['name']);
if (is_array($ous)) {
   //your code here
}

[2005-02-17 10:28 UTC] sniper@php.net

Here's my try for a patch that makes any multiple
entry (like multiple organisations) to be made into
arrays in the resulting array:

  http://www.php.net/~jani/patches/bug18613.patch

[2005-03-14 22:01 UTC] sniper@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 12:01:29 2024 UTC