php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #39295 openssl_csr_sign and options
Submitted: 2006-10-28 23:42 UTC Modified: 2008-05-12 09:59 UTC
Votes:5
Avg. Score:5.0 ± 0.0
Reproduced:5 of 5 (100.0%)
Same Version:5 (100.0%)
Same OS:5 (100.0%)
From: bassijunior at yahoo dot com dot br Assigned: pajoye (profile)
Status: Closed Package: Feature/Change Request
PHP Version: 5.1.6 OS: Windows XP
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: bassijunior at yahoo dot com dot br
New email:
PHP Version: OS:

 

 [2006-10-28 23:42 UTC] bassijunior at yahoo dot com dot br 
Description:
------------
Hi, 

I'm developing a project that use a openssl functions.


I need to write the certificate extension in a x.509 certificate  " on the fly". In others words, I will get a data from DB(MYSQL) and then I will write the extension X.509 .

Does the openssl_csr_sign can do this? How can I pass more parameters to this function?

Is it possible? How can I do this?

Thanks!!!

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-10-29 17:51 UTC] pajoye@php.net 
See openssl_csr_new.
 [2006-10-30 00:16 UTC] bassijunior at yahoo dot com dot br 
OK.
I know this function.
But this function is used to create a request.
I want to add extension in the moment of signature.
Thanks
 [2006-10-30 16:30 UTC] pajoye@php.net 
Do you want to create the certificate and sign at the same time?

If not, can you explain what you want with some kind of pseudo code?
 [2006-10-31 01:47 UTC] bassijunior at yahoo dot com dot br 
I will get the certificate request from a Data Base(Mysql).

After that( in other file), I have to sign this request. But, I want to add some extensions in the certificate, in the moment of signature. To sign the request, I use: $usercert_2 = openssl_csr_sign($req_dados, $cert_dados, $pkeyid, 365, $config, time());

Where $config is: $config = array(
   'digest_alg' => 'sha1',
   "config" => "$pwd\\openssl.cnf");

Is there some way to put some extensions in the variable $config?


Thanks!
 [2006-11-05 00:50 UTC] bassijunior at yahoo dot com dot br 
Hi,

I can add fields of DN(distinguished name)using the openssl_csr_new function. $csr = openssl_csr_new($dn, $privkey, $configarg);
I did a test. I placed a subjectAltName in $dn the variable and the openssl_csr_new added a subjectAltName like a distinguished name, but subjectAltName is a extension, not a DN.
$dn = array(
   "countryName" => "$nacionalidade",
   "stateOrProvinceName" => "$estado",
   "localityName" => "$cidade",
   "commonName" => "$commomName",
   "emailAddress" => "$email",
   "subjectAltName" => "123456789",

What is happening? 

Here a certificate:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1162687748 (0x454d3504)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=BR, ST=RJ, L=Rio de Janeiro, O=Home, OU=quarto, CN=Junior/emailAddress=bb@opiiwe.com
        Validity
            Not Before: Nov  5 00:49:08 2006 GMT
            Not After : Nov  5 00:49:08 2007 GMT
        Subject: C=BR, ST=RJ, L=Rio, CN=Jos\xE9 Alberto Bassi/emailAddress=bassijunior@yahoo.com.br/subjectAltName=123456789
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:ea:49:5c:e7:5b:59:77:e2:af:1e:1b:b5:6a:08:
                    d2:2b:2c:97:c6:01:9f:2f:44:20:4a:3a:09:47:54:
                    bb:09:af:92:4a:fc:e7:96:6d:8b:06:75:3e:3d:c7:
                    50:60:92:9f:47:26:86:d2:68:3b:1b:26:77:f3:9c:
                    26:fb:59:7e:35:d7:14:8d:86:32:65:36:89:94:20:
                    c6:28:3f:2c:b4:0a:74:8c:ee:14:0c:e5:5a:81:3a:
                    06:4f:2d:41:c7:c9:2e:b1:30:ef:89:fd:e3:5f:d0:
                    37:86:35:2f:67:bd:be:81:cd:c1:93:a9:a1:4a:df:
                    b4:08:1f:a0:8d:f7:fc:8c:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment
    Signature Algorithm: sha1WithRSAEncryption
        52:82:a4:2f:57:36:43:9a:dd:22:65:73:f8:7c:88:52:18:fc:
        c9:3e:54:50:f1:60:ec:07:4c:a4:3b:97:45:3e:ac:ad:db:37:
        45:71:a1:67:cd:19:ad:e5:ee:21:26:e1:b3:70:18:66:af:b6:
        06:ba:f4:64:95:6c:88:61:93:fc:18:86:7d:28:13:64:ee:a2:
        a6:ad:32:7f:6a:ce:ec:c5:27:80:17:38:c6:2a:4a:ff:9b:77:
        d9:45:a8:73:ef:5f:07:b9:de:ba:81:bd:c9:04:76:0d:36:03:
        43:23:d0:f9:1f:69:fa:05:6f:4c:4c:10:e1:48:88:19:94:ca:
        8d:cd
-----BEGIN CERTIFICATE-----
MIICmTCCAgKgAwIBAgIERU01BDANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMC
QlIxCzAJBgNVBAgTAlJKMRcwFQYDVQQHEw5SaW8gZGUgSmFuZWlybzENMAsGA1UE
ChMESG9tZTEPMA0GA1UECxMGcXVhcnRvMQ8wDQYDVQQDEwZKdW5pb3IxHDAaBgkq
hkiG9w0BCQEWDWJiQG9waWl3ZS5jb20wHhcNMDYxMTA1MDA0OTA4WhcNMDcxMTA1
MDA0OTA4WjCBgjELMAkGA1UEBhMCQlIxCzAJBgNVBAgTAlJKMQwwCgYDVQQHEwNS
aW8xGzAZBgNVBAMUEkpvc+kgQWxiZXJ0byBCYXNzaTEnMCUGCSqGSIb3DQEJARYY
YmFzc2lqdW5pb3JAeWFob28uY29tLmJyMRIwEAYDVR0REwkxMjM0NTY3ODkwgZ8w
DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOpJXOdbWXfirx4btWoI0issl8YBny9E
IEo6CUdUuwmvkkr855ZtiwZ1Pj3HUGCSn0cmhtJoOxsmd/OcJvtZfjXXFI2GMmU2
iZQgxig/LLQKdIzuFAzlWoE6Bk8tQcfJLrEw74n941/QN4Y1L2e9voHNwZOpoUrf
tAgfoI33/Iz9AgMBAAGjGjAYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMA0GCSqG
SIb3DQEBBQUAA4GBAFKCpC9XNkOa3SJlc/h8iFIY/Mk+VFDxYOwHTKQ7l0U+rK3b
N0VxoWfNGa3l7iEm4bNwGGavtga69GSVbIhhk/wYhn0oE2TuoqatMn9qzuzFJ4AX
OMYqSv+bd9lFqHPvXwe53rqBvckEdg02A0Mj0PkfafoFb0xMEOFIiBmUyo3N
-----END CERTIFICATE-----


Thanks!
 [2006-11-05 13:54 UTC] pajoye@php.net 
Please provide a complete script to reproduce your problem.
 [2006-11-06 00:35 UTC] bassijunior at yahoo dot com dot br 
<?php

Here I get the data from the Database.......

.
.
.

$pwd=getcwd();

$dn = array(
   "countryName" => "$nacionalidade",
   "stateOrProvinceName" => "$estado",
   "localityName" => "$cidade",
   "commonName" => "$commomName",
   "emailAddress" => "$email",
   "subjectAltName" => "123456789"
   
);

$configuracao=array(
 "config" => "$pwd\\openssl.cnf"
 );

$notext = (bool)"";

$privkey = openssl_pkey_new($configuracao);

$csr = openssl_csr_new($dn, $privkey, $configuracao);

openssl_pkey_export_to_file($privkey, "$pwd\\demoCA\\pkey_teste.pem", "$passphrase");

openssl_csr_export_to_file($csr, "$pwd\\demoCA\\csr_teste.pem", $notext);

?>

Is the subjectAltName is a extension, isn't is? But I can put in the $dn variable(distinguished name). I wanted to put a subjectAltName as extension, not as a distinguished name.


Thanks!
 [2006-11-11 01:09 UTC] bassijunior at yahoo dot com dot br 
Hi, 

Some news??

Thanks!
 [2006-11-13 23:18 UTC] pajoye@php.net 
It is a v3 extension.

You have to use array('x509_extensions' => 'sectionname') as configargs, it will use this section from your openssl.cnf . 
And the default value will be set using it.

Can you try it?

However I'm unsure why it fails to fetch them from the config, even using the openssl command line, it does not work.
 [2006-11-21 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2006-11-25 03:03 UTC] bassijunior at yahoo dot com dot br 
I think that the PHP version 5.2 has what I want.

Where can I find a documentation about the new functions implemented in the PHP 5.2?

Thanks!
 [2008-05-12 09:59 UTC] pajoye@php.net 
Here:

http://ww.php.net/openssl
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Nov 16 17:00:02 2025 UTC