|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #50776 openssl_pkcs7_verify
Submitted: 2010-01-16 06:06 UTC Modified: 2012-02-21 20:32 UTC
Avg. Score:4.0 ± 1.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: gufophp at gmail dot com Assigned:
Status: No Feedback Package: OpenSSL related
PHP Version: 5.3.1 OS: win32 apache
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
Solve the problem:
48 + 39 = ?
Subscribe to this entry?

 [2010-01-16 06:06 UTC] gufophp at gmail dot com
PKCS7_verify:certificate verify error

Reproduce code:
$body = <<<EOD

You have my authorization to spend $10,000 on dinner expenses.


$key = file_get_contents("test.key");
$crt = file_get_contents("test.crt");
$file = tempnam('', 'mail');
file_put_contents($file, $body); 
$signed = tempnam("", "signed"); // view 1
echo openssl_x509_check_private_key($crt, array($key,"gufogufogufogufogufogufo")) ;
 while ($msg = openssl_error_string())
    echo $msg . "<br />\n";
echo "<hr />"; // view 1
$arr = array("To" => "", // keyed syntax
              "From: HQ <>", // indexed syntax
              "Subject" => "Eyes only");
echo openssl_pkcs7_sign($file, $signed, $crt, array($key, "gufogufogufogufogufogufo"),$arr);
 while ($msg = openssl_error_string())
    echo $msg . "<br />\n";
echo "<hr />";
$body = file_get_contents($signed);

$pa = "C:\\Programmi\\Apache Software Foundation\\Apache2.2\\htdocs\sign\\";

// error here
echo openssl_pkcs7_verify(
// error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error
 while ($msg = openssl_error_string())
    echo $msg . "<br />\n";


Expected result:

Actual result:
error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2010-01-16 19:53 UTC]
Try Google for the error:

"Likewise, if the sender’s certificate isn’t recognized by your OpenSSL infrastructure, you’ll get a similar error"

Looks like your script is buggy.

 [2010-01-24 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2010-04-25 20:25 UTC]
-Status: No Feedback +Status: Feedback
 [2010-04-25 20:25 UTC]
Please try using this snapshot:
For Windows:

 [2012-02-21 20:32 UTC]
-Status: Feedback +Status: No Feedback
 [2012-02-21 22:05 UTC] gufophp at gmail dot com
please CHECK all certificate in filesysem (pubblic key):

auto signed certificate "root ca"(H0)
-->create and sign certifichate used H0, this certificate is H1
---->create a new certificate used H1 to sign, this certificate is H2

to check certificate(H2) authority ALL certificate is necessary (H0, H1, and H2)
if not have ALL publik key of all cert, cerificate check fail "certificate verify error" 
You have all certificate ?

please update documentation (no bug)
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Jun 14 06:01:33 2024 UTC