php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #21341 Calling openssl_csr_sign with a non-null value fails
Submitted: 2003-01-02 11:49 UTC Modified: 2003-01-17 22:14 UTC
Votes:10
Avg. Score:4.0 ± 1.0
Reproduced:7 of 7 (100.0%)
Same Version:1 (14.3%)
Same OS:0 (0.0%)
From: larry at smog dot com Assigned:
Status: No Feedback Package: OpenSSL related
PHP Version: 4.2.3 OS: RedHat 7.3 (2.4.18-3)
Private report: No CVE-ID: None
View Developer Edit
 [2003-01-02 11:49 UTC] larry at smog dot com 
When I try to use openssl_csr_sign to sign a CSR with a CA certificate I get no error reports, and program output terminates.

Example code:

$cacert = "file://caselfsigncert.pem";
$cakey = array("file://caselfsignkey.pem", "insecureselfsignkey");

if ($privkey = openssl_pkey_new()) {

    openssl_pkey_export($privkey, $pkeyout, $passphrase);
    print "<h2>priv key</h2><pre>$pkeyout</pre>";
}
if ($csr = openssl_csr_new($dn, $privkey)) {

    openssl_csr_export($csr, $csrout);
    print "<h2>CSR:</h2><pre>$csrout</pre>";
}
if ($cert = openssl_csr_sign($csr, $cacert, $cakey, 365)) {

    openssl_x509_export($cert, $certout);
    print "<h2>x509:</h2><pre>$certout</pre>";
}


I am certain that the $cacert and $cakey files are being properly opened. If I change them to reference an invalid file, PHP returns the appropriate errors. I'm also certain that the key's passphrase is being properly passed, when I change the passphrase I also get the expected errors. 

In fact, OpenSSL returns success, but my program appears to exit. I've tried the openssl_error_string, but it also reports no information. I'm no PHP expert, but it appears as if PHP segfaulting when this function is called. Works fine if I call it with a NULL for the $cacert value (i.e. self-signed). Using the CA cert with the commandline tool openssl works fine too.

Using openssl-0.9.6h.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-01-02 15:27 UTC] iliaa@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip

If you still experience a problem try to replicate the problem using CLI sapi and add 
var_dump($csr) before the openssl_csr_sign() function call and 
add var_dump($cert) at the end of the script.
 [2003-01-17 22:14 UTC] sniper@php.net 
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 [2004-06-25 22:11 UTC] sumans at list dot ufl dot edu 
Hi,

I dont know if this bug was closed, but I am experiencing the exact same problem now.

I am using the PHP engine and Apache server that came built in Red Hat Linux 9.

I know that the CA certificate is being loaded into the engine (because it complains if I give it a wrong path), but then it just crashes.

No messages, nothing. The PHP engine just stops working and nothing is displayed after the function is called.

Thanks,
Suman
 [2004-06-25 22:15 UTC] sumans at list dot ufl dot edu 
Sorry for bothering you again, but here is the code:

<? php

$caCertFile = "root.pem";
$req_key = openssl_pkey_new();
openssl_pkey_export_to_file($req_key, "newkey.pem", $_POST[chlPassword]);
if(openssl_pkey_export ($req_key, $out_key)) {
       $dn = array(
               "countryName"            => $_POST[countryName],
               "stateOrProvinceName"    => $_POST[stateName],
               "localityName"           => $_POST[cityName],
               "organizationName"       => $_POST[organizationName],
               "organizationalUnitName" => $_POST[unitName],
               "commonName"             => $_POST[commonName],
               "emailAddress"           => $_POST[emailAddress]
       );
       $req_csr  = openssl_csr_new ($dn, $req_key);
       openssl_csr_export_to_file($req_csr, "newreq.pem");
       $req_cert = openssl_csr_sign($req_csr, "file://$caCertFile", $req_key, 1)
;

?>

I know that root.pem exists, and it is being loaded, but it looks like the PHP engine just crashes at the openssl_csr_sign.
 [2006-05-07 18:32 UTC] bassijunior at yahoo dot com dot br 
I have the same problem.


I did what it was said in the forum, but I still have a error:
openssl_csr_sign() [function.openssl-csr-sign]: cannot get CSR from parameter 1 

What can I do?

Thanks
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Apr 30 07:01:26 2025 UTC