php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #18613 [PATCH] Multiple OU in x509 certificate problem
Submitted: 2002-07-28 10:37 UTC Modified: 2005-03-14 22:01 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: agoralski at certum dot pl Assigned: wez (profile)
Status: Closed Package: OpenSSL related
PHP Version: 4CVS-2004-04-12 OS: Linux 2.4.18-grsec
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: agoralski at certum dot pl
New email:
PHP Version: OS:

 

 [2002-07-28 10:37 UTC] agoralski at certum dot pl 
When the certificate has more that one OU (organizationalUnit), the openssl_x509_parse function will return only the last one.

Proposal:

The openssl_x509_parse should return:

[subject][OU][0]='First OU'
[subject][OU][1]='Second OU'

When there is only one OU field the openssl_x509_parse should return:

[subject][OU]='First and only OU'

It's up to the user to check if [subject][OU] is an array IMO.

We can submit a patch :)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-04-06 12:32 UTC] allins at nosc dot mil 
verified on RedHat 9, PHP 4.2.2
output from var_dump of array after openssl_x509_parse was performed. 
There should have been an ["OU"]=> "DoD" before the PKI line

["issuer"]=>
  array(4) {
    ["C"]=>
    string(2) "US"
    ["O"]=>
    string(15) "U.S. Government"
    ["OU"]=>
    string(3) "PKI"
    ["CN"]=>
    string(22) "DOD CLASS 3 EMAIL CA-7"
 [2004-04-07 03:05 UTC] agoralski at certum dot pl 
Multiple OUs are visible in "name" after openssl_x509_parse so here's a quick & dirty workaround:

function get_ous($data) {
    if (strlen(strstr($data,'/OU='))>0) {
        $parts=explode('=', $data);

        for ($i=0, $j=count($parts); $i<$j; $i++) {
            if ($i>0) {
                if (substr($parts[$i-1], strrpos($parts[$i-1], '/')+1)=='OU') {
                    $ret[]=substr($parts[$i], 0, strrpos($parts[$i], '/'));
                }
            }
        }
        return $ret;
    } else {
        return false;
    }
}

$cert=openssl_x509_parse($crt);
$ous=get_ous($cert['name']);
if (is_array($ous)) {
   //your code here
}
 [2005-02-17 10:28 UTC] sniper@php.net 
Here's my try for a patch that makes any multiple
entry (like multiple organisations) to be made into
arrays in the resulting array:

  http://www.php.net/~jani/patches/bug18613.patch
 [2005-03-14 22:01 UTC] sniper@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 13:01:29 2024 UTC