Bug #18613 [PATCH] Multiple OU in x509 certificate problem
Submitted: 2002-07-28 10:37 UTC Modified: 2005-03-14 22:01 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: agoralski at certum dot pl Assigned: wez
Status: Closed Package: OpenSSL related
PHP Version: 4CVS-2004-04-12 OS: Linux 2.4.18-grsec
Private report: No CVE-ID:
 [2002-07-28 10:37 UTC] agoralski at certum dot pl
When the certificate has more than one OU (organizationalUnit), the openssl_x509_parse function will return only the last one.

Proposal:

The openssl_x509_parse should return:

[subject][OU][0]='First OU'
[subject][OU][1]='Second OU'

When there is only one OU field the openssl_x509_parse should return:

[subject][OU]='First and only OU'

It's up to the user to check if [subject][OU] is an array IMO.

We can submit a patch :)





 [2004-04-06 12:32 UTC] allins at nosc dot mil
verified on RedHat 9, PHP 4.2.2
output from var_dump of array after openssl_x509_parse was performed. 
There should have been an ["OU"]=> "DoD" before the PKI line

["issuer"]=>
  array(4) {
    ["C"]=>
    string(2) "US"
    ["O"]=>
    string(15) "U.S. Government"
    ["OU"]=>
    string(3) "PKI"
    ["CN"]=>
    string(22) "DOD CLASS 3 EMAIL CA-7"
 [2004-04-07 03:05 UTC] agoralski at certum dot pl
Multiple OUs are visible in "name" after openssl_x509_parse so here's a quick & dirty workaround:

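// Collect every OU value from the one-line "name" string,
// e.g. "/C=US/O=Example/OU=First/OU=Second/CN=host".
function get_ous($data) {
    if (strpos($data, '/OU=') !== false) {
        $ret=array();
        $parts=explode('=', $data);

        for ($i=1, $j=count($parts); $i<$j; $i++) {
            // The attribute name is whatever follows the last '/' of the previous part.
            if (substr($parts[$i-1], strrpos($parts[$i-1], '/')+1)=='OU') {
                // The value ends at the next '/'; the final component has none.
                $end=strrpos($parts[$i], '/');
                $ret[]=($end===false) ? $parts[$i] : substr($parts[$i], 0, $end);
            }
        }
        return $ret;
    } else {
        return false;
    }
}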

$cert=openssl_x509_parse($crt);
$ous=get_ous($cert['name']);
if (is_array($ous)) {
   //your code here
}
 [2005-02-17 10:28 UTC] sniper@php.net
Here's my try for a patch that makes any multiple
entry (like multiple organisations) to be made into
arrays in the resulting array:

  http://www.php.net/~jani/patches/bug18613.patch

 [2005-03-14 22:01 UTC] sniper@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
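
Added example (not part of the bug thread and not PHP project code): with repeated fields returned as arrays, a caller that makes a decision on OU has to accept either a string or an array and compare against every value. The arrays below are constructed samples shaped like openssl_x509_parse() output, and dn_values() and subject_has_ous() are hypothetical helper names.

```php
<?php
// Added example. The $single/$multi/$none arrays are constructed samples
// shaped like openssl_x509_parse() output; no real certificate is involved.

// Return every value of a DN attribute as a list, whether the parser
// produced one string, an array of strings, or no entry at all.
function dn_values(array $dn, string $attr): array
{
    if (!array_key_exists($attr, $dn)) {
        return [];
    }
    $value = $dn[$attr];
    return is_array($value) ? array_values($value) : [$value];
}

// Hypothetical policy check: the subject must carry all of the required OUs.
// Comparing against a single string would silently ignore the other values.
function subject_has_ous(array $parsed, array $required): bool
{
    $subject = isset($parsed['subject']) && is_array($parsed['subject'])
        ? $parsed['subject']
        : [];
    $present = dn_values($subject, 'OU');
    return count(array_diff($required, $present)) === 0;
}

// One OU: the parser returns a plain string.
$single = ['subject' => ['C' => 'US', 'OU' => 'PKI', 'CN' => 'example']];
// Two OUs: the parser returns an array, in certificate order.
$multi  = ['subject' => ['C' => 'US', 'OU' => ['DoD', 'PKI'], 'CN' => 'example']];
// No OU at all: the key is absent.
$none   = ['subject' => ['C' => 'US', 'CN' => 'example']];

foreach (['single' => $single, 'multi' => $multi, 'none' => $none] as $label => $cert) {
    printf(
        "%-6s OUs=[%s] has DoD+PKI: %s\n",
        $label,
        implode(', ', dn_values($cert['subject'], 'OU')),
        subject_has_ous($cert, ['DoD', 'PKI']) ? 'yes' : 'no'
    );
}
```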


 
Last updated: Sun Apr 20 20:02:01 2014 UTC