|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #18613 [PATCH] Multiple OU in x509 certificate problem
Submitted: 2002-07-28 10:37 UTC Modified: 2005-03-14 22:01 UTC
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: agoralski at certum dot pl Assigned: wez (profile)
Status: Closed Package: OpenSSL related
PHP Version: 4CVS-2004-04-12 OS: Linux 2.4.18-grsec
Private report: No CVE-ID: None
 [2002-07-28 10:37 UTC] agoralski at certum dot pl
When the certificate has more that one OU (organizationalUnit), the openssl_x509_parse function will return only the last one.


The openssl_x509_parse should return:

[subject][OU][0]='First OU'
[subject][OU][1]='Second OU'

When there is only one OU field the openssl_x509_parse should return:

[subject][OU]='First and only OU'

It's up to the user to check if [subject][OU] is an array IMO.

We can submit a patch :)


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2004-04-06 12:32 UTC] allins at nosc dot mil
verified on RedHat 9, PHP 4.2.2
output from var_dump of array after openssl_x509_parse was performed. 
There should have been an ["OU"]=> "DoD" before the PKI line

  array(4) {
    string(2) "US"
    string(15) "U.S. Government"
    string(3) "PKI"
    string(22) "DOD CLASS 3 EMAIL CA-7"
 [2004-04-07 03:05 UTC] agoralski at certum dot pl
Multiple OUs are visible in "name" after openssl_x509_parse so here's a quick & dirty workaround:

function get_ous($data) {
    if (strlen(strstr($data,'/OU='))>0) {
        $parts=explode('=', $data);

        for ($i=0, $j=count($parts); $i<$j; $i++) {
            if ($i>0) {
                if (substr($parts[$i-1], strrpos($parts[$i-1], '/')+1)=='OU') {
                    $ret[]=substr($parts[$i], 0, strrpos($parts[$i], '/'));
        return $ret;
    } else {
        return false;

if (is_array($ous)) {
   //your code here
 [2005-02-17 10:28 UTC]
Here's my try for a patch that makes any multiple
entry (like multiple organisations) to be made into
arrays in the resulting array:

 [2005-03-14 22:01 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sat Sep 30 04:01:25 2023 UTC