|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #21341 Calling openssl_csr_sign with a non-null value fails
Submitted: 2003-01-02 11:49 UTC Modified: 2003-01-17 22:14 UTC
Avg. Score:4.0 ± 1.0
Reproduced:7 of 7 (100.0%)
Same Version:1 (14.3%)
Same OS:0 (0.0%)
From: larry at smog dot com Assigned:
Status: No Feedback Package: OpenSSL related
PHP Version: 4.2.3 OS: RedHat 7.3 (2.4.18-3)
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: larry at smog dot com
New email:
PHP Version: OS:


 [2003-01-02 11:49 UTC] larry at smog dot com
When I try to use openssl_csr_sign to sign a CSR with a CA certificate I get no error reports, and program output terminates.

Example code:

$cacert = "file://caselfsigncert.pem";
$cakey = array("file://caselfsignkey.pem", "insecureselfsignkey");

if ($privkey = openssl_pkey_new()) {

    openssl_pkey_export($privkey, $pkeyout, $passphrase);
    print "<h2>priv key</h2><pre>$pkeyout</pre>";
if ($csr = openssl_csr_new($dn, $privkey)) {

    openssl_csr_export($csr, $csrout);
    print "<h2>CSR:</h2><pre>$csrout</pre>";
if ($cert = openssl_csr_sign($csr, $cacert, $cakey, 365)) {

    openssl_x509_export($cert, $certout);
    print "<h2>x509:</h2><pre>$certout</pre>";

I am certain that the $cacert and $cakey files are being properly opened. If I change them to reference an invalid file, PHP returns the appropriate errors. I'm also certain that the key's passphrase is being properly passed, when I change the passphrase I also get the expected errors. 

In fact, OpenSSL returns success, but my program appears to exit. I've tried the openssl_error_string, but it also reports no information. I'm no PHP expert, but it appears as if PHP segfaulting when this function is called. Works fine if I call it with a NULL for the $cacert value (i.e. self-signed). Using the CA cert with the commandline tool openssl works fine too.

Using openssl-0.9.6h.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2003-01-02 15:27 UTC]
Please try using this CVS snapshot:
For Windows:

If you still experience a problem try to replicate the problem using CLI sapi and add 
var_dump($csr) before the openssl_csr_sign() function call and 
add var_dump($cert) at the end of the script.
 [2003-01-17 22:14 UTC]
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.

 [2004-06-25 22:11 UTC] sumans at list dot ufl dot edu

I dont know if this bug was closed, but I am experiencing the exact same problem now.

I am using the PHP engine and Apache server that came built in Red Hat Linux 9.

I know that the CA certificate is being loaded into the engine (because it complains if I give it a wrong path), but then it just crashes.

No messages, nothing. The PHP engine just stops working and nothing is displayed after the function is called.

 [2004-06-25 22:15 UTC] sumans at list dot ufl dot edu
Sorry for bothering you again, but here is the code:

<? php

$caCertFile = "root.pem";
$req_key = openssl_pkey_new();
openssl_pkey_export_to_file($req_key, "newkey.pem", $_POST[chlPassword]);
if(openssl_pkey_export ($req_key, $out_key)) {
       $dn = array(
               "countryName"            => $_POST[countryName],
               "stateOrProvinceName"    => $_POST[stateName],
               "localityName"           => $_POST[cityName],
               "organizationName"       => $_POST[organizationName],
               "organizationalUnitName" => $_POST[unitName],
               "commonName"             => $_POST[commonName],
               "emailAddress"           => $_POST[emailAddress]
       $req_csr  = openssl_csr_new ($dn, $req_key);
       openssl_csr_export_to_file($req_csr, "newreq.pem");
       $req_cert = openssl_csr_sign($req_csr, "file://$caCertFile", $req_key, 1)


I know that root.pem exists, and it is being loaded, but it looks like the PHP engine just crashes at the openssl_csr_sign.
 [2006-05-07 18:32 UTC] bassijunior at yahoo dot com dot br
I have the same problem.

I did what it was said in the forum, but I still have a error:
openssl_csr_sign() [function.openssl-csr-sign]: cannot get CSR from parameter 1 

What can I do?

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Jul 14 13:01:27 2024 UTC