|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #50776 openssl_pkcs7_verify
Submitted: 2010-01-16 06:06 UTC Modified: 2012-02-21 20:32 UTC
Avg. Score:4.0 ± 1.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: gufophp at gmail dot com Assigned:
Status: No Feedback Package: OpenSSL related
PHP Version: 5.3.1 OS: win32 apache
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: gufophp at gmail dot com
New email:
PHP Version: OS:


 [2010-01-16 06:06 UTC] gufophp at gmail dot com
PKCS7_verify:certificate verify error

Reproduce code:
$body = <<<EOD

You have my authorization to spend $10,000 on dinner expenses.


$key = file_get_contents("test.key");
$crt = file_get_contents("test.crt");
$file = tempnam('', 'mail');
file_put_contents($file, $body); 
$signed = tempnam("", "signed"); // view 1
echo openssl_x509_check_private_key($crt, array($key,"gufogufogufogufogufogufo")) ;
 while ($msg = openssl_error_string())
    echo $msg . "<br />\n";
echo "<hr />"; // view 1
$arr = array("To" => "", // keyed syntax
              "From: HQ <>", // indexed syntax
              "Subject" => "Eyes only");
echo openssl_pkcs7_sign($file, $signed, $crt, array($key, "gufogufogufogufogufogufo"),$arr);
 while ($msg = openssl_error_string())
    echo $msg . "<br />\n";
echo "<hr />";
$body = file_get_contents($signed);

$pa = "C:\\Programmi\\Apache Software Foundation\\Apache2.2\\htdocs\sign\\";

// error here
echo openssl_pkcs7_verify(
// error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error
 while ($msg = openssl_error_string())
    echo $msg . "<br />\n";


Expected result:

Actual result:
error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2010-01-16 19:53 UTC]
Try Google for the error:

"Likewise, if the sender’s certificate isn’t recognized by your OpenSSL infrastructure, you’ll get a similar error"

Looks like your script is buggy.

 [2010-01-24 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2010-04-25 20:25 UTC]
-Status: No Feedback +Status: Feedback
 [2010-04-25 20:25 UTC]
Please try using this snapshot:
For Windows:

 [2012-02-21 20:32 UTC]
-Status: Feedback +Status: No Feedback
 [2012-02-21 22:05 UTC] gufophp at gmail dot com
please CHECK all certificate in filesysem (pubblic key):

auto signed certificate "root ca"(H0)
-->create and sign certifichate used H0, this certificate is H1
---->create a new certificate used H1 to sign, this certificate is H2

to check certificate(H2) authority ALL certificate is necessary (H0, H1, and H2)
if not have ALL publik key of all cert, cerificate check fail "certificate verify error" 
You have all certificate ?

please update documentation (no bug)
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Thu Oct 05 03:01:24 2023 UTC