php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #50776 openssl_pkcs7_verify
Submitted: 2010-01-16 06:06 UTC Modified: 2012-02-21 20:32 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: gufophp at gmail dot com Assigned:
Status: No Feedback Package: OpenSSL related
PHP Version: 5.3.1 OS: win32 apache
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2010-01-16 06:06 UTC] gufophp at gmail dot com
Description:
------------
PKCS7_verify:certificate verify error

Reproduce code:
---------------
<?php
$body = <<<EOD

You have my authorization to spend $10,000 on dinner expenses.

The CEO
EOD;

$key = file_get_contents("test.key");
$crt = file_get_contents("test.crt");
$file = tempnam('', 'mail');
file_put_contents($file, $body); 
$signed = tempnam("", "signed"); // view 1
echo openssl_x509_check_private_key($crt, array($key,"gufogufogufogufogufogufo")) ;
 while ($msg = openssl_error_string())
    echo $msg . "<br />\n";
echo "<hr />"; // view 1
$arr = array("To" => "joes@example.com", // keyed syntax
              "From: HQ <ceo@example.com>", // indexed syntax
              "Subject" => "Eyes only");
echo openssl_pkcs7_sign($file, $signed, $crt, array($key, "gufogufogufogufogufogufo"),$arr);
 while ($msg = openssl_error_string())
    echo $msg . "<br />\n";
echo "<hr />";
$body = file_get_contents($signed);
file_put_contents("signed.txt",$body);

$pa = "C:\\Programmi\\Apache Software Foundation\\Apache2.2\\htdocs\sign\\";

// error here
echo openssl_pkcs7_verify(
  $pa."signed.txt",
  PKCS7_BINARY,
  $pa.'test3.crt',
  array($pa.'test.crt'),
  $pa.'test.crt',
  $pa.'content.eml'
);
// error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error
 while ($msg = openssl_error_string())
    echo $msg . "<br />\n";

?>


Expected result:
----------------
1

Actual result:
--------------
error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-01-16 19:53 UTC] jani@php.net
Try Google for the error:

"Likewise, if the sender’s certificate isn’t recognized by your OpenSSL infrastructure, you’ll get a similar error"

Looks like your script is buggy.

 [2010-01-24 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2010-04-25 20:25 UTC] felipe@php.net
-Status: No Feedback +Status: Feedback
 [2010-04-25 20:25 UTC] felipe@php.net
Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/


 [2012-02-21 20:32 UTC] rasmus@php.net
-Status: Feedback +Status: No Feedback
 [2012-02-21 22:05 UTC] gufophp at gmail dot com
please CHECK all certificate in filesysem (pubblic key):

auto signed certificate "root ca"(H0)
-->create and sign certifichate used H0, this certificate is H1
---->create a new certificate used H1 to sign, this certificate is H2

to check certificate(H2) authority ALL certificate is necessary (H0, H1, and H2)
if not have ALL publik key of all cert, cerificate check fail "certificate verify error" 
You have all certificate ?

please update documentation (no bug)
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Fri May 14 02:01:23 2021 UTC