|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #26076 openssl_pkcs7_verify should output the verified mail
Submitted: 2003-11-02 02:17 UTC Modified: 2021-03-05 18:07 UTC
Avg. Score:3.3 ± 0.7
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:2 (66.7%)
From: ivan dot dolezal at vsb dot cz Assigned: cmb (profile)
Status: Closed Package: OpenSSL related
PHP Version: * OS: *
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: ivan dot dolezal at vsb dot cz
New email:
PHP Version: OS:


 [2003-11-02 02:17 UTC] ivan dot dolezal at vsb dot cz
The openssl_pkcs7_verify is able to verify signed e-mail, but I can't get the verified message out of it to process it further.

As OpenSSL shell does have this functionality: switch "-text" in...

openssl smime -verify -CApath /etc/ssl/certs/ -in signedmessage.txt -text

...outputs the message to STDOUT.

Expected result:
a new optional parametr called by reference in the function openssl_pkcs7_verify, that would output the message from the e-mail

Actual result:
Currently there is no (documented) way to get the verified message out of S/MIME. I can verify the message, find out, who signed it (with other functions), but I can't process the message from the mail.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2003-11-02 04:52 UTC]
Already have plans to implement this.
 [2010-11-18 23:41 UTC]
-Package: Feature/Change Request +Package: OpenSSL related -Operating System: irrelevant (FreeBSD) +Operating System: * -PHP Version: Irrelevant +PHP Version: *
 [2011-04-24 19:19 UTC] mo at nevali dot net
openssl_pkcs7_verify does nowadays include an optional parameter to output the  
cleartext version of the message to a file — HOWEVER, this parameter cannot be 
used unless the preceding parameters are ALSO used.

This is because although they are optional, there is no default value for the 
$extracerts parameter which can be specified explicitly. The implementation 
checks to see whether the C string (char * extracerts) is NULL or not, which it 
will never be if the parameter is actually specified (even if it's a PHP null 
value, as this will be coerced to the empty string).

This is a slightly awkward problem if you don't actually have any extra 
 [2013-12-13 07:42 UTC]
-Status: Assigned +Status: Open
 [2013-12-13 07:43 UTC]
-Status: Assigned +Status: Open -Assigned To: wez +Assigned To:
 [2017-10-24 01:41 UTC]
-Status: Open +Status: Analyzed
 [2021-03-05 18:07 UTC]
-Status: Analyzed +Status: Closed -Assigned To: +Assigned To: cmb
 [2021-03-05 18:07 UTC]
Indeed, for a very long time there is the $content parameter, and
as of PHP 8.0.0 the prior parameters have usable default values
(besides that you can use named arguments), so I consider this
feature implemented.
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu Jul 29 04:01:24 2021 UTC