|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #50293 Several openssl functions ignore the VCWD
Submitted: 2009-11-25 15:05 UTC Modified: 2021-09-21 15:39 UTC
Avg. Score:3.9 ± 0.9
Reproduced:5 of 5 (100.0%)
Same Version:5 (100.0%)
Same OS:3 (60.0%)
From: gufophp at gmail dot com Assigned:
Status: Verified Package: OpenSSL related
PHP Version: 7.4 OS: *
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: gufophp at gmail dot com
New email:
PHP Version: OS:


 [2009-11-25 15:05 UTC] gufophp at gmail dot com
incorrect path save export file

Reproduce code:
$ssl_configargs = array("digest_alg" => "OPENSSL_ALGO_SHA1",
"private_key_bits" => 384,"encrypt_key" => false,"basicConstraints" => "CA:true","keyUsage" => "cRLSign, keyCertSign",
"nsCertType" => "sslCA, emailCA");
$dn = array("countryName" => 'IT',"stateOrProvinceName" => 'Italy',
"localityName" => 'city',"organizationName" => 'org',
"organizationalUnitName" => 'unit',"commonName" => 'name' ,"emailAddress" => 'mail' );
$numberofdays = '365';
$pkey = openssl_pkey_new( $ssl_configargs );
$csr = openssl_csr_new( $dn, $privkey, $ssl_configargs );
$sscert = openssl_csr_sign( $csr, null, $privkey, $numberofdays );
openssl_csr_export( $csr, $csrout );
openssl_x509_export( $sscert, $certout );
openssl_x509_export_to_file ($sscert ,'crt_509_sk.crt',false);
openssl_pkey_export( $privkey, $pkeyout, $configargs['licence_pwd' ]);

Expected result:

Actual result:
C:\Programmi\Apache Software Foundation\Apache2.2


bug-50293 (last revision 2010-08-12 01:31 UTC by

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2009-11-25 18:28 UTC]
I think the case is clear, it looks like we do not use VCWD or php stream's api and it fails to get the actual CWD.

I will take a look at it asap.
 [2010-08-12 03:31 UTC]
The following patch has been added/updated:

Patch Name: bug-50293
Revision:   1281576663
 [2010-08-12 03:31 UTC]
I added a roughly untested patch for this, as I have some issues getting openssl to work in my build env, so the patch is more a theory of how it could be fixed.
 [2017-10-24 07:32 UTC]
-Status: Assigned +Status: Open -Assigned To: pajoye +Assigned To:
 [2021-08-13 11:54 UTC]
-Status: Open +Status: Verified -Assigned To: +Assigned To: cmb
 [2021-08-13 11:54 UTC]
I think full stream support is out of scope for any of the stable
versions (and there is already request #50718 for that), but ZTS
builds not regarding the CWD should be fixed.
 [2021-08-17 13:21 UTC]
-Summary: openssl_****_export_to_file +Summary: Several openssl functions ignore the VCWD -Operating System: win32 only - apache +Operating System: * -PHP Version: 5.2.11 +PHP Version: 7.4
 [2021-08-31 11:58 UTC]
The following pull request has been associated:

Patch Name: Fix #50293: Several openssl functions ignore the VCWD
On GitHub:
 [2021-09-21 15:39 UTC]
-Assigned To: cmb +Assigned To:
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu Sep 23 16:03:36 2021 UTC