php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #47863 openssl_csr_sign() does not change serial value
Submitted: 2009-04-01 15:06 UTC Modified: 2009-12-16 01:00 UTC
Votes:3
Avg. Score:4.3 ± 0.9
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (50.0%)
From: laurent dot jouannic at cbsa dot fr Assigned:
Status: No Feedback Package: OpenSSL related
PHP Version: 5.2.9 OS: debian
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: laurent dot jouannic at cbsa dot fr
New email:
PHP Version: OS:

 

 [2009-04-01 15:06 UTC] laurent dot jouannic at cbsa dot fr
Description:
------------
When I manualy sign a certificate from the shell:
./CA.sh -sign
or
openssl ca -policy policy_anything -out newcert.pem -infiles newreq.pem

the value in the file 'serial' increase  ($value++).

When I sign a certificate with php (openssl_csr_sign):
-the serial (file) doesn't change
-the new certificate has a good 'serial' value



Reproduce code:
---------------
	$CAcrt = file_get_contents("/usr/lib/ssl/misc/demoCA/cacert.pem");
	$serial_hexa = file_get_contents("/usr/lib/ssl/misc/demoCA/serial");
	$serial_dec_net=intval($serial_hexa,16); /*04*/

	$CAkey = array(file_get_contents("/usr/lib/ssl/misc/demoCA/private/cakey.pem"), "Gas/ZWmUkz7y2");
	
	echo "--".$serial_hexa."--";
	echo "<br>++".$serian_dec_net."++";
	


	$clientKeys = openssl_pkey_new();
	$dn = array(
		"countryName" => "FR",
		"stateOrProvinceName" => "Ain",
		"localityName" => "Jouan",
		"organizationName" => "Certificat client",
		"organizationalUnitName" => "Info",
		"commonName" => "www.abc.fr",
		"emailAddress" => "lolo@xp.fr"
	);
	$csr = openssl_csr_new($dn, $clientPrivKey);
	
	$config = array(
		"config" => "/etc/ssl/openssl.cnf",
	);

	$cert = openssl_csr_sign($csr, $CAcrt, $CAkey, 1095, $config, '04');
	openssl_x509_export($cert, $certout);
	echo $certout;
	openssl_pkcs12_export_to_file  ( $certout, "tmp/tito.p12"  , $clientPrivKey , "mimine")

Expected result:
----------------
The result is good, as the certificate, but the value inside 'serial' doesn't change....


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-12-08 23:20 UTC] felipe@php.net
Please try using this snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/


 [2009-12-16 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 18:01:29 2024 UTC