PHP :: Bug #21341 :: Calling openssl_csr_sign with a non-null value fails

Bug #21341

Calling openssl_csr_sign with a non-null value fails

Submitted:

2003-01-02 11:49 UTC

Modified:

2003-01-17 22:14 UTC

Votes:	10
Avg. Score:	4.0 ± 1.0
Reproduced:	7 of 7 (100.0%)
Same Version:	1 (14.3%)
Same OS:	0 (0.0%)

From:

larry at smog dot com

Assigned:

Status:

No Feedback

Package:

OpenSSL related

PHP Version:

4.2.3

OS:

RedHat 7.3 (2.4.18-3)

Private report:

CVE-ID:

None

View Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !

Your email address: MUST BE VALID
Solve the problem: 21 + 23 = ?
Subscribe to this entry?

[2003-01-02 11:49 UTC] larry at smog dot com

When I try to use openssl_csr_sign to sign a CSR with a CA certificate I get no error reports, and program output terminates.

Example code:

$cacert = "file://caselfsigncert.pem";
$cakey = array("file://caselfsignkey.pem", "insecureselfsignkey");

if ($privkey = openssl_pkey_new()) {

    openssl_pkey_export($privkey, $pkeyout, $passphrase);
    print "<h2>priv key</h2><pre>$pkeyout</pre>";
}
if ($csr = openssl_csr_new($dn, $privkey)) {

    openssl_csr_export($csr, $csrout);
    print "<h2>CSR:</h2><pre>$csrout</pre>";
}
if ($cert = openssl_csr_sign($csr, $cacert, $cakey, 365)) {

    openssl_x509_export($cert, $certout);
    print "<h2>x509:</h2><pre>$certout</pre>";
}


I am certain that the $cacert and $cakey files are being properly opened. If I change them to reference an invalid file, PHP returns the appropriate errors. I'm also certain that the key's passphrase is being properly passed, when I change the passphrase I also get the expected errors. 

In fact, OpenSSL returns success, but my program appears to exit. I've tried the openssl_error_string, but it also reports no information. I'm no PHP expert, but it appears as if PHP segfaulting when this function is called. Works fine if I call it with a NULL for the $cacert value (i.e. self-signed). Using the CA cert with the commandline tool openssl works fine too.

Using openssl-0.9.6h.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-01-02 15:27 UTC] iliaa@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip

If you still experience a problem try to replicate the problem using CLI sapi and add 
var_dump($csr) before the openssl_csr_sign() function call and 
add var_dump($cert) at the end of the script.

[2003-01-17 22:14 UTC] sniper@php.net

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.

[2004-06-25 22:11 UTC] sumans at list dot ufl dot edu

Hi,

I dont know if this bug was closed, but I am experiencing the exact same problem now.

I am using the PHP engine and Apache server that came built in Red Hat Linux 9.

I know that the CA certificate is being loaded into the engine (because it complains if I give it a wrong path), but then it just crashes.

No messages, nothing. The PHP engine just stops working and nothing is displayed after the function is called.

Thanks,
Suman

[2004-06-25 22:15 UTC] sumans at list dot ufl dot edu

Sorry for bothering you again, but here is the code:

<? php

$caCertFile = "root.pem";
$req_key = openssl_pkey_new();
openssl_pkey_export_to_file($req_key, "newkey.pem", $_POST[chlPassword]);
if(openssl_pkey_export ($req_key, $out_key)) {
       $dn = array(
               "countryName"            => $_POST[countryName],
               "stateOrProvinceName"    => $_POST[stateName],
               "localityName"           => $_POST[cityName],
               "organizationName"       => $_POST[organizationName],
               "organizationalUnitName" => $_POST[unitName],
               "commonName"             => $_POST[commonName],
               "emailAddress"           => $_POST[emailAddress]
       );
       $req_csr  = openssl_csr_new ($dn, $req_key);
       openssl_csr_export_to_file($req_csr, "newreq.pem");
       $req_cert = openssl_csr_sign($req_csr, "file://$caCertFile", $req_key, 1)
;

?>

I know that root.pem exists, and it is being loaded, but it looks like the PHP engine just crashes at the openssl_csr_sign.

[2006-05-07 18:32 UTC] bassijunior at yahoo dot com dot br

I have the same problem.


I did what it was said in the forum, but I still have a error:
openssl_csr_sign() [function.openssl-csr-sign]: cannot get CSR from parameter 1 

What can I do?

Thanks

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 24 21:00:01 2025 UTC