PHP :: Bug #74341 :: openssl_x509_parse fails to parse ASN.1 UTCTime without seconds

Bug #74341	openssl_x509_parse fails to parse ASN.1 UTCTime without seconds
Submitted:	2017-03-30 14:14 UTC	Modified:	2017-03-30 14:44 UTC
From:	moritz at mertinkat dot net	Assigned:
Status:	Closed	Package:	OpenSSL related
PHP Version:	7.0.17	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	moritz at mertinkat dot net
New email:
PHP Version:		OS:

New Comment:

[2017-03-30 14:14 UTC] moritz at mertinkat dot net

Description:
------------
openssl_x509_parse fails to parse ASN.1 UTCTime without seconds, see
https://www.obj-sys.com/asn1tutorial/node15.html


Test script:
---------------
<?php

$pem_cert = '
-----BEGIN CERTIFICATE-----
MIIGFDCCBPygAwIBAgIDKCHVMA0GCSqGSIb3DQEBBQUAMIHcMQswCQYDVQQGEwJV
UzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTElMCMGA1UE
ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjE5MDcGA1UECxMwaHR0cDov
L2NlcnRpZmljYXRlcy5zdGFyZmllbGR0ZWNoLmNvbS9yZXBvc2l0b3J5MTEwLwYD
VQQDEyhTdGFyZmllbGQgU2VjdXJlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MREw
DwYDVQQFEwgxMDY4ODQzNTAcFwsxNDAxMDcwMDAwWhcNMTYwNDAxMDcwMDAwWjCB
6zETMBEGCysGAQQBgjc8AgEDEwJVUzEYMBYGCysGAQQBgjc8AgECEwdBcml6b25h
MR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjEUMBIGA1UEBRMLUi0xNzI0
NzQxLTYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpT
Y290dHNkYWxlMSQwIgYDVQQKExtTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBMTEMx
KzApBgNVBAMTInZhbGlkLnNmaS5jYXRlc3Quc3RhcmZpZWxkdGVjaC5jb20wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt1LHQOza9tkKxwGL+/yKi/Fe5
HM0sjvcM4ic1XVrvpewa4P/04IzGSjIGO3CXaSArxQMSzsTt2dcO9tSJ1Zk8c9NZ
XM8eVqx92iTMEf9OQcubWpzWmrPc3TAFhbVnfEmCptsXEgtxbAIbntrNeDk/hBPd
l4DYFYRdm3ZTk4JMIf/quDZe5Oti53J0UsxWXSSoqKyPNdb671Q+OTQfSDj7kVF4
+Ri3FIeAV16d2UnpBW1bgNqA5yITRskHE4bX98HDNHUTHioHpgA+fXfejWkGB/0F
QN4HbZcysYHhf1L5cWBtz9w5J00YmjM5fzWvTc3UUF9ou7m7JE4aqEbNOWb9AgMB
AAGjggHOMIIByjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwLQYDVR0RBCYwJIIidmFsaWQuc2ZpLmNh
dGVzdC5zdGFyZmllbGR0ZWNoLmNvbTAdBgNVHQ4EFgQUcO+QEqZcHphPW9szww9t
y+1AGmQwHwYDVR0jBBgwFoAUSUtSJ9EbvPKhIWpie1FCeorX1VYwOAYDVR0fBDEw
LzAtoCugKYYnaHR0cDovL2NybC5zdGFyZmllbGR0ZWNoLmNvbS9zZnMzLTAuY3Js
MIGNBggrBgEFBQcBAQSBgDB+MCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5zdGFy
ZmllbGR0ZWNoLmNvbS8wUAYIKwYBBQUHMAKGRGh0dHA6Ly9jZXJ0aWZpY2F0ZXMu
c3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS9zZl9pbnRlcm1lZGlhdGUuY3J0
MFIGA1UdIARLMEkwRwYLYIZIAYb9bgEHFwMwODA2BggrBgEFBQcCARYqaHR0cDov
L2NlcnRzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEB
BQUAA4IBAQAViYkLUjQkxWRmZl4DutL0/9/wJSURcJ1qunLP+TImJFp0A9RE/MNK
ZOmQoAEoH6hMg7FL4etkvTcnruTdcx+3mvqYiECUiUEx6pkx3dmkYgZACEuk2nfy
J0MkV/zwzqmI8aV+kunpOQv93aePZbrBgaAzkE8jDlExtd7c4pE7JF40jxmvDwjZ
HwpyNDULreGtFBij7JcWJCfihM3uetqrao0kOoeih1PQyJXtz2RldhFYs6Jdk3IL
Yv+84t5UMO+aS9nVBXIcbgaGjIMZjHDgR/tE9FKFB66k8UTDzAwwEs38VV24zx6h
lOzTF7xAUxmPUnNb2teatMf2Rmj0fs+d
-----END CERTIFICATE-----
';

$parsed_cert = openssl_x509_parse($pem_cert);

printf("Valid from: %s, (%d)\n", date('Y-m-d H:i:s', $parsed_cert['validFrom_time_t']), $parsed_cert['validFrom_time_t']);
printf("Valid   to: %s, (%d)\n", date('Y-m-d H:i:s', $parsed_cert['validTo_time_t']), $parsed_cert['validTo_time_t']);


Expected result:
----------------
Valid from: 2014-01-07 00:00:00, (1389052800)
Valid   to: 2016-04-01 07:00:00, (1459494000)


Actual result:
--------------
PHP Warning:  openssl_x509_parse(): unable to parse time string 1401070000Z correctly in /home/maurice/test-asn1time.php on line 41
PHP Stack trace:
PHP   1. {main}() /home/maurice/test-asn1time.php:0
PHP   2. openssl_x509_parse() /home/maurice/test-asn1time.php:41
Valid from: 1970-01-01 00:59:59, (-1)
Valid   to: 2016-04-01 09:00:00, (1459494000)

Patches

Pull Requests

Pull requests:

Fix #74341: openssl_x509_parse fails to parse ASN.1 UTCTime without seconds (php-src/2444)

History

AllCommentsChangesGit/SVN commitsRelated reports

[2017-03-30 14:44 UTC] requinix@php.net

-Status: Open +Status: Verified

[2017-03-30 14:44 UTC] requinix@php.net

They don't make it easy to find an official source but it does seem that seconds are optional in UTCTime. And the PR has the sort of changes I would expect to see.

[2017-03-30 19:24 UTC] moritz at mertinkat dot net

Added a test for the fix.

[2017-04-01 23:09 UTC] nikic@php.net

Automatic comment on behalf of moritz@mertinkat.net
Revision: http://git.php.net/?p=php-src.git;a=commit;h=46d286574bdf49d568a21283e4f7f6fb91a1480b
Log: Fixed bug #74341

[2017-04-01 23:09 UTC] nikic@php.net

-Status: Verified +Status: Closed

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 14:01:29 2024 UTC