Doc Bug #74715 openssl_pkcs12_export/export_to_file $args undocumented
Submitted: 2017-06-08 17:59 UTC Modified: 2017-11-03 22:13 UTC
From: jelle at vdwaa dot nl Assigned: mjones (profile)
Status: Closed Package: OpenSSL related
PHP Version: 7.2.0alpha1 OS: Arch Linux
Private report: No CVE-ID: None
 [2017-06-08 17:59 UTC] jelle at vdwaa dot nl
Description:
------------
openssl_pkcs12_read returns true when "garbage" is inserted in the optional extra certs. No error is logged, while an error is expected. The test can be executed in php-src's (git repo) in ext/openssl/tests/

Test script:
---------------
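<?php
// PKCS#12 fixture from ext/openssl/tests/ in php-src
$p12 = "./p12_with_extra_certs.p12";
$pass = "qwerty";
openssl_pkcs12_read(file_get_contents($p12), $certs, $pass);
//var_dump($certs);
// The last argument is the options array; 'blup' is not a certificate
$ok = openssl_pkcs12_export($certs['cert'], $out, $certs['pkey'], $pass, array('blup'));
var_dump($ok);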


Expected result:
----------------
Expect a warning to be thrown about "blup" not being a valid X509 certificate.

Actual result:
--------------
bool(true)


 [2017-06-08 22:46 UTC] requinix@php.net
-Summary: openssl_pkcs12_export allows invalid extracerts
+Summary: openssl_pkcs12_export/export_to_file $args undocumented
-Status: Open
+Status: Verified
-Type: Bug
+Type: Documentation Problem
 [2017-06-08 22:46 UTC] requinix@php.net
The array is checked for "friendly_name" (cert friendly name) and "extracerts" (cert authority chain) keys, whose values are used if present. Extra keys will be ignored.

The friendly_name can be:
- A string

The extracerts can be:
- An x509 resource (eg, from openssl_x509_read)
- Anything accepted by openssl_x509_read, which is:
  * A string (or stringable object) filename prefixed with "file://"
  * A string (or stringable object) with the cert data
- Or an array of any of the above

On that note, openssl_x509_read doesn't have its $x509certdata documented either.
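
Because unknown keys are ignored and the call still returns true, a caller who wants the failure the reporter expected has to validate the options array before exporting. The following is an added example, not code from PHP or from this report: strict_pkcs12_options is a hypothetical helper, and the certificate is a throwaway self-signed one constructed inline (it assumes a working OpenSSL configuration).

```php
<?php
/**
 * Hypothetical helper (not part of PHP): validate the options array for
 * openssl_pkcs12_export() instead of relying on unknown keys being ignored.
 */
function strict_pkcs12_options(array $options): array
{
    $unknown = array_diff(array_keys($options), ['friendly_name', 'extracerts']);
    if ($unknown !== []) {
        throw new InvalidArgumentException('Unsupported option key(s): ' . implode(', ', $unknown));
    }
    if (isset($options['friendly_name']) && !is_string($options['friendly_name'])) {
        throw new InvalidArgumentException('friendly_name must be a string');
    }
    if (array_key_exists('extracerts', $options)) {
        // A single certificate or an array of them is accepted; normalise to an array.
        $extra = is_array($options['extracerts']) ? $options['extracerts'] : [$options['extracerts']];
        foreach ($extra as $i => $cert) {
            // Parse each entry up front so garbage is rejected before the export.
            // Strings prefixed with file:// are read from disk by openssl_x509_read().
            try {
                $parsed = @openssl_x509_read($cert);
            } catch (TypeError $e) {
                $parsed = false;
            }
            if ($parsed === false) {
                throw new InvalidArgumentException("extracerts[$i] is not a readable X.509 certificate");
            }
        }
        $options['extracerts'] = $extra;
    }
    return $options;
}

// Constructed sample input: a throwaway self-signed certificate and key.
$key  = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$csr  = openssl_csr_new(['commonName' => 'example.test'], $key);
$cert = openssl_csr_sign($csr, null, $key, 1);
openssl_x509_export($cert, $pem);

$candidates = [['blup'], ['extracerts' => ['blup']], ['friendly_name' => 'demo', 'extracerts' => [$pem]]];
foreach ($candidates as $candidate) {
    try {
        $ok = openssl_pkcs12_export($cert, $out, $key, 'qwerty', strict_pkcs12_options($candidate));
        echo 'exported: ', var_export($ok, true), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The first candidate is the report's array('blup'), which fails on its numeric key; the second shows the same garbage under the real extracerts key being rejected by the parse check.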
 [2017-11-03 22:12 UTC] mjones@php.net
Automatic comment from SVN on behalf of mjones
Revision: http://svn.php.net/viewvc/?view=revision&revision=343361
Log: Fix bug #74715: openssl_pkcs12_export documentation
 [2017-11-03 22:13 UTC] mjones@php.net
-Status: Verified
+Status: Closed
-Assigned To:
+Assigned To: mjones
 [2017-11-03 22:13 UTC] mjones@php.net
documented openssl_x509_read $x509certdata
and for openssl_pkcs12_export documented that extra keys will be ignored.
commit r343361
 [2020-02-07 06:06 UTC] phpdocbot@php.net
Automatic comment on behalf of mjones
Revision: http://git.php.net/?p=doc/en.git;a=commit;h=904d0aeccde44f12b8e87e326febc091bf3466f9
Log: Fix bug #74715: openssl_pkcs12_export documentation
Last updated: Sat Jul 12 13:01:33 2025 UTC