php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #50776 openssl_pkcs7_verify
Submitted: 2010-01-16 06:06 UTC Modified: 2012-02-21 20:32 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: gufophp at gmail dot com Assigned:
Status: No Feedback Package: OpenSSL related
PHP Version: 5.3.1 OS: win32 apache
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: gufophp at gmail dot com
New email:
PHP Version: OS:

 

 [2010-01-16 06:06 UTC] gufophp at gmail dot com
Description:
------------
PKCS7_verify:certificate verify error

Reproduce code:
---------------
<?php
$body = <<<EOD

You have my authorization to spend $10,000 on dinner expenses.

The CEO
EOD;

$key = file_get_contents("test.key");
$crt = file_get_contents("test.crt");
$file = tempnam('', 'mail');
file_put_contents($file, $body); 
$signed = tempnam("", "signed"); // view 1
echo openssl_x509_check_private_key($crt, array($key,"gufogufogufogufogufogufo")) ;
 while ($msg = openssl_error_string())
    echo $msg . "<br />\n";
echo "<hr />"; // view 1
$arr = array("To" => "joes@example.com", // keyed syntax
              "From: HQ <ceo@example.com>", // indexed syntax
              "Subject" => "Eyes only");
echo openssl_pkcs7_sign($file, $signed, $crt, array($key, "gufogufogufogufogufogufo"),$arr);
 while ($msg = openssl_error_string())
    echo $msg . "<br />\n";
echo "<hr />";
$body = file_get_contents($signed);
file_put_contents("signed.txt",$body);

$pa = "C:\\Programmi\\Apache Software Foundation\\Apache2.2\\htdocs\sign\\";

// error here
echo openssl_pkcs7_verify(
  $pa."signed.txt",
  PKCS7_BINARY,
  $pa.'test3.crt',
  array($pa.'test.crt'),
  $pa.'test.crt',
  $pa.'content.eml'
);
// error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error
 while ($msg = openssl_error_string())
    echo $msg . "<br />\n";

?>


Expected result:
----------------
1

Actual result:
--------------
error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-01-16 19:53 UTC] jani@php.net
Try Google for the error:

"Likewise, if the sender’s certificate isn’t recognized by your OpenSSL infrastructure, you’ll get a similar error"

Looks like your script is buggy.

 [2010-01-24 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2010-04-25 20:25 UTC] felipe@php.net
-Status: No Feedback +Status: Feedback
 [2010-04-25 20:25 UTC] felipe@php.net
Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/


 [2012-02-21 20:32 UTC] rasmus@php.net
-Status: Feedback +Status: No Feedback
 [2012-02-21 22:05 UTC] gufophp at gmail dot com
please CHECK all certificate in filesysem (pubblic key):

auto signed certificate "root ca"(H0)
-->create and sign certifichate used H0, this certificate is H1
---->create a new certificate used H1 to sign, this certificate is H2

to check certificate(H2) authority ALL certificate is necessary (H0, H1, and H2)
if not have ALL publik key of all cert, cerificate check fail "certificate verify error" 
You have all certificate ?

please update documentation (no bug)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 12:01:31 2024 UTC