php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #55362 X509_PURPOSE_ANY is not recognized by openssl
Submitted: 2011-08-04 12:14 UTC Modified: 2011-08-04 13:27 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: anders at ingemann dot de Assigned:
Status: Open Package: OpenSSL related
PHP Version: 5.3.6 OS: Windows 7
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: anders at ingemann dot de
New email:
PHP Version: OS:

 

 [2011-08-04 12:14 UTC] anders at ingemann dot de
Description:
------------
On http://www.php.net/manual/en/function.openssl-x509-checkpurpose.php the purpose 
check X509_PURPOSE_ANY is mentioned and the constant is defined as well.
openssl_x509_checkpurpose() however reports "error:0B086079:x509 certificate 
routines:X509_STORE_CTX_purpose_inherit:unknown purpose id".
Checking up in the documentation i can see that this purpose is not supported 
(http://www.openssl.org/docs/apps/verify.html#COMMAND_OPTIONS). This constant 
should be removed, and a note should be put in the documentation, specifying that 
this is not supported.

Test script:
---------------
openssl_x509_checkpurpose( mixed $x509cert , X509_PURPOSE_ANY );
while($error = openssl_error_string()) echo $error."\n";

Expected result:
----------------
With a valid certificate openssl_x509_checkpurpose($cert, X509_PURPOSE_ANY) 
returns true.

Actual result:
--------------
With a valid certificate openssl_x509_checkpurpose($cert, X509_PURPOSE_ANY) 
returns false.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-08-04 12:23 UTC] anders at ingemann dot de
-Summary: X509_PURPOSE_ANY is not supported +Summary: X509_PURPOSE_ANY is not recognized by openssl
 [2011-08-04 12:23 UTC] anders at ingemann dot de
I just found out that the "any" purpose IS actually supported, but it is simply 
not documented. It seems the constant is somehow referring to a wrong value.
 [2011-08-04 12:40 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2011-08-04 12:40 UTC] pajoye@php.net
c:\test\php536nts>php -n -d extension_dir=ext -d extension=php_openssl.dll -r 
"print_r(get_defined_constants());" | FIND "X509"
    [X509_PURPOSE_SSL_CLIENT] => 1
    [X509_PURPOSE_SSL_SERVER] => 2
    [X509_PURPOSE_NS_SSL_SERVER] => 3
    [X509_PURPOSE_SMIME_SIGN] => 4
    [X509_PURPOSE_SMIME_ENCRYPT] => 5
    [X509_PURPOSE_CRL_SIGN] => 6
    [X509_PURPOSE_ANY] => 7


and from the x509v3.h:
#define X509_PURPOSE_ANY     7

What do you mean then?
 [2011-08-04 13:27 UTC] anders at ingemann dot de
-Status: Feedback +Status: Open
 [2011-08-04 13:27 UTC] anders at ingemann dot de
The constant is not the problem.
Somehow int(7) causes an error with the openssl api. It says that this purpose id 
is not known.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 08 06:01:28 2024 UTC