Doc Bug #65186 openssl_csr_new allows creation from text
Submitted: 2013-07-02 18:39 UTC Modified: 2017-10-24 06:43 UTC
Votes:3
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: lynch@php.net Assigned:
Status: Open Package: OpenSSL related
PHP Version: Irrelevant OS: N/A
Private report: No CVE-ID: None
 [2013-07-02 18:39 UTC] lynch@php.net
Description:
------------
---
From manual page: http://www.php.net/function.openssl-csr-new#refsect1-function.openssl-csr-new-parameters
---

It is not documented that:

$csr_resource = openssl_csr_new(array(), file_get_contents('some.csr'));

will return a valid CSR resource.


Test script:
---------------
<?php
// Load your private key
$private_key_resource = openssl_pkey_get_private(file_get_contents('private.pem'));

// Extract the public key
$details = openssl_pkey_get_details($private_key_resource);
$public_key_text = $details['key'];

// Load the text CSR file
$csr_text = file_get_contents('request.csr');
// UNDOCUMENTED FEATURE
$csr_resource = openssl_csr_new(array(), $csr_text);
$csr_public_key_resource = openssl_csr_get_public_key($csr_resource);
$csr_public_key_details = openssl_pkey_get_details($csr_public_key_resource);
$csr_public_key_text = $csr_public_key_details['key'];

// Prove that the CSR is valid, assuming you built it right in the first place
if ($public_key_text !== $csr_public_key_text)
{
    echo "The public key doesn't match, so that's not a good CSR.\n";
}
else
{
    echo "Yay! There IS a way to create a CSR resource from text. It's just not documented.\n";
}


Expected result:
----------------
Going strictly by the docs, some kind of error message about wrong type for the CSR, since text is in no way similar to a CSR private key resource.

Actual result:
--------------
It works, thank goodness.

Because if it didn't, there is no way to convert a CSR text file to a CSR resource.
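
Added example, not part of the original report or of PHP's own code: the same public-key check as the test script, done on PEM CSR text by passing it straight to openssl_csr_get_public_key(), which accepts a PEM-encoded CSR string. The function name csr_matches_key, the keys and the subject are constructed for the illustration.

```php
<?php
// Added example: names, keys and subject below are constructed for illustration.

/** Return true when the PEM CSR text carries the same public key as $privateKey. */
function csr_matches_key(string $csrPem, $privateKey): bool
{
    // The PEM text is handed over as-is; no CSR resource is built first.
    $csrKey = openssl_csr_get_public_key($csrPem);
    if ($csrKey === false) {
        return false; // not a parseable CSR
    }

    $csrDetails = openssl_pkey_get_details($csrKey);
    $ownDetails = openssl_pkey_get_details($privateKey);
    if ($csrDetails === false || $ownDetails === false) {
        return false;
    }

    // 'key' is the PEM-encoded public key in both detail arrays.
    return hash_equals($ownDetails['key'], $csrDetails['key']);
}

// Constructed sample input: two unrelated RSA keys and a CSR made from the first.
$keyOptions = ['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA];
$key        = openssl_pkey_new($keyOptions);
$otherKey   = openssl_pkey_new($keyOptions);
if ($key === false || $otherKey === false) {
    fwrite(STDERR, "Key generation failed: " . openssl_error_string() . "\n");
    exit(1);
}

$csr = openssl_csr_new(['commonName' => 'example.test'], $key, ['digest_alg' => 'sha256']);
if ($csr === false || !openssl_csr_export($csr, $csrPem)) {
    fwrite(STDERR, "CSR generation failed: " . openssl_error_string() . "\n");
    exit(1);
}

// From here on only the PEM text is used, as if it had been read from request.csr.
$cases = [
    'CSR checked against its own key' => csr_matches_key($csrPem, $key),
    'CSR checked against another key' => csr_matches_key($csrPem, $otherKey),
    'garbage input instead of a CSR'  => csr_matches_key('not a csr', $key),
];
foreach ($cases as $label => $matches) {
    echo $label, ': ', $matches ? 'match' : 'no match', "\n";
}
```

Running the check before a request is signed rejects a CSR whose embedded key is not the one the requester is expected to hold.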


History

 [2013-07-02 19:17 UTC] lynch@php.net
-Status: Open +Status: Verified -Assigned To: +Assigned To: lynch
 [2013-07-02 19:17 UTC] lynch@php.net
Hope it's kosher to just decide to fix it myself...
 [2017-10-24 05:19 UTC] kalle@php.net
-Status: Verified +Status: Assigned
 [2017-10-24 06:43 UTC] kalle@php.net
-Status: Assigned +Status: Open -Assigned To: lynch +Assigned To:
 
Last updated: Wed Dec 04 08:01:29 2024 UTC