Bug #21341 Calling openssl_csr_sign with a non-null value fails
Submitted: 2003-01-02 11:49 UTC Modified: 2003-01-17 22:14 UTC
Avg. Score:4.0 ± 1.0
Reproduced:7 of 7 (100.0%)
Same Version:1 (14.3%)
Same OS:0 (0.0%)
From: larry at smog dot com Assigned:
Status: No Feedback Package: OpenSSL related
PHP Version: 4.2.3 OS: RedHat 7.3 (2.4.18-3)
Private report: No CVE-ID: None
 [2003-01-02 11:49 UTC] larry at smog dot com
When I try to use openssl_csr_sign to sign a CSR with a CA certificate I get no error reports, and program output terminates.

Example code:

$cacert = "file://caselfsigncert.pem";
$cakey = array("file://caselfsignkey.pem", "insecureselfsignkey");

// $dn and $passphrase are not defined in the posted excerpt
if ($privkey = openssl_pkey_new()) {
    openssl_pkey_export($privkey, $pkeyout, $passphrase);
    print "<h2>priv key</h2><pre>$pkeyout</pre>";

    if ($csr = openssl_csr_new($dn, $privkey)) {
        openssl_csr_export($csr, $csrout);
        print "<h2>CSR:</h2><pre>$csrout</pre>";

        // Sign the CSR with the CA certificate and key, valid for 365 days
        if ($cert = openssl_csr_sign($csr, $cacert, $cakey, 365)) {
            openssl_x509_export($cert, $certout);
            print "<h2>x509:</h2><pre>$certout</pre>";
        }
    }
}

I am certain that the $cacert and $cakey files are being properly opened. If I change them to reference an invalid file, PHP returns the appropriate errors. I'm also certain that the key's passphrase is being properly passed; when I change the passphrase I also get the expected errors.

In fact, OpenSSL returns success, but my program appears to exit. I've tried the openssl_error_string, but it also reports no information. I'm no PHP expert, but it appears as if PHP is segfaulting when this function is called. Works fine if I call it with a NULL for the $cacert value (i.e. self-signed). Using the CA cert with the command-line tool openssl works fine too.

Using openssl-0.9.6h.


 [2003-01-02 15:27 UTC]
Please try using this CVS snapshot:
For Windows:

If you still experience a problem try to replicate the problem using CLI sapi and add 
var_dump($csr) before the openssl_csr_sign() function call and 
add var_dump($cert) at the end of the script.
 [2003-01-17 22:14 UTC]
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.

 [2004-06-25 22:11 UTC] sumans at list dot ufl dot edu

I don't know if this bug was closed, but I am experiencing the exact same problem now.

I am using the PHP engine and Apache server that came built in Red Hat Linux 9.

I know that the CA certificate is being loaded into the engine (because it complains if I give it a wrong path), but then it just crashes.

No messages, nothing. The PHP engine just stops working and nothing is displayed after the function is called.

 [2004-06-25 22:15 UTC] sumans at list dot ufl dot edu
Sorry for bothering you again, but here is the code:

<?php

$caCertFile = "root.pem";
$req_key = openssl_pkey_new();
openssl_pkey_export_to_file($req_key, "newkey.pem", $_POST['chlPassword']);
if (openssl_pkey_export($req_key, $out_key)) {
       // Subject fields taken from the submitted form
       $dn = array(
               "countryName"            => $_POST['countryName'],
               "stateOrProvinceName"    => $_POST['stateName'],
               "localityName"           => $_POST['cityName'],
               "organizationName"       => $_POST['organizationName'],
               "organizationalUnitName" => $_POST['unitName'],
               "commonName"             => $_POST['commonName'],
               "emailAddress"           => $_POST['emailAddress']
       );
       $req_csr  = openssl_csr_new($dn, $req_key);
       openssl_csr_export_to_file($req_csr, "newreq.pem");
       // Sign the CSR against root.pem, passing the new request key as the signing key, valid for 1 day
       $req_cert = openssl_csr_sign($req_csr, "file://$caCertFile", $req_key, 1);
}


I know that root.pem exists, and it is being loaded, but it looks like the PHP engine just crashes at the openssl_csr_sign.
 [2006-05-07 18:32 UTC] bassijunior at yahoo dot com dot br
I have the same problem.

I did what was said in the forum, but I still have an error:
openssl_csr_sign() [function.openssl-csr-sign]: cannot get CSR from parameter 1 

What can I do?
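
The diagnostic steps requested earlier in the thread (run under the CLI SAPI, var_dump($csr) before the call, var_dump($cert) at the end), written out as an added example that is not code from any poster or from the PHP project. It assumes a PHP build with the openssl extension and a usable openssl.cnf; the throwaway CA, subject names, temporary files and passphrase are all constructed.

```php
<?php
// Added example; every name, path and passphrase here is constructed sample data.
function drain_openssl_errors($label) {
    // Print and empty the OpenSSL error queue so failures are not silent.
    while (($msg = openssl_error_string()) !== false) {
        fwrite(STDERR, "[$label] $msg\n");
    }
}

// 1. Throwaway CA: new key, self-signed certificate (CA argument is null).
$passphrase = "constructed-sample-passphrase";
$caKey = openssl_pkey_new();
if ($caKey === false) {
    drain_openssl_errors("keygen");
    exit(1);
}
$caCsr  = openssl_csr_new(array("commonName" => "Example Test CA"), $caKey);
$caCert = openssl_csr_sign($caCsr, null, $caKey, 365);

// Write the CA material to unique temporary files, matching the file:// usage in the report.
$caCertFile = tempnam(sys_get_temp_dir(), "cacert");
$caKeyFile  = tempnam(sys_get_temp_dir(), "cakey");
openssl_x509_export_to_file($caCert, $caCertFile);
openssl_pkey_export_to_file($caKey, $caKeyFile, $passphrase);
drain_openssl_errors("ca");

// 2. Subject key and CSR.
$dn = array("countryName" => "US", "organizationName" => "Example Org",
            "commonName" => "client.example.test");
$privkey = openssl_pkey_new();
$csr     = openssl_csr_new($dn, $privkey);
drain_openssl_errors("csr");
var_dump($csr);   // requested in the thread: inspect the CSR before signing

// 3. The call shape from the report: non-null CA cert, key file plus passphrase.
$cert = openssl_csr_sign($csr, "file://$caCertFile",
                         array("file://$caKeyFile", $passphrase), 365);
drain_openssl_errors("sign");
unlink($caCertFile);
unlink($caKeyFile);

// 4. On success the issuer CN is the CA, not the subject.
if ($cert !== false) {
    $info = openssl_x509_parse($cert);
    echo "subject: ", $info["subject"]["CN"], "\n";
    echo "issuer:  ", $info["issuer"]["CN"], "\n";
}
var_dump($cert);  // requested in the thread: inspect the result at the end
```

Running it from the command line rather than through the web server keeps a crash visible in the shell's exit status instead of appearing as a silently truncated page.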

Last updated: Tue Jun 18 22:01:29 2024 UTC