php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #55362 X509_PURPOSE_ANY is not recognized by openssl
Submitted: 2011-08-04 12:14 UTC Modified: 2011-08-04 13:27 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: anders at ingemann dot de Assigned:
Status: Open Package: OpenSSL related
PHP Version: 5.3.6 OS: Windows 7
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: anders at ingemann dot de
New email:
PHP Version: OS:

 

 [2011-08-04 12:14 UTC] anders at ingemann dot de 
Description:
------------
On http://www.php.net/manual/en/function.openssl-x509-checkpurpose.php the purpose 
check X509_PURPOSE_ANY is mentioned and the constant is defined as well.
openssl_x509_checkpurpose() however reports "error:0B086079:x509 certificate 
routines:X509_STORE_CTX_purpose_inherit:unknown purpose id".
Checking up in the documentation i can see that this purpose is not supported 
(http://www.openssl.org/docs/apps/verify.html#COMMAND_OPTIONS). This constant 
should be removed, and a note should be put in the documentation, specifying that 
this is not supported.

Test script:
---------------
openssl_x509_checkpurpose( mixed $x509cert , X509_PURPOSE_ANY );
while($error = openssl_error_string()) echo $error."\n";

Expected result:
----------------
With a valid certificate openssl_x509_checkpurpose($cert, X509_PURPOSE_ANY) 
returns true.

Actual result:
--------------
With a valid certificate openssl_x509_checkpurpose($cert, X509_PURPOSE_ANY) 
returns false.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-08-04 12:23 UTC] anders at ingemann dot de
-Summary: X509_PURPOSE_ANY is not supported +Summary: X509_PURPOSE_ANY is not recognized by openssl
 [2011-08-04 12:23 UTC] anders at ingemann dot de 
I just found out that the "any" purpose IS actually supported, but it is simply 
not documented. It seems the constant is somehow referring to a wrong value.
 [2011-08-04 12:40 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2011-08-04 12:40 UTC] pajoye@php.net 
c:\test\php536nts>php -n -d extension_dir=ext -d extension=php_openssl.dll -r 
"print_r(get_defined_constants());" | FIND "X509"
    [X509_PURPOSE_SSL_CLIENT] => 1
    [X509_PURPOSE_SSL_SERVER] => 2
    [X509_PURPOSE_NS_SSL_SERVER] => 3
    [X509_PURPOSE_SMIME_SIGN] => 4
    [X509_PURPOSE_SMIME_ENCRYPT] => 5
    [X509_PURPOSE_CRL_SIGN] => 6
    [X509_PURPOSE_ANY] => 7


and from the x509v3.h:
#define X509_PURPOSE_ANY     7

What do you mean then?
 [2011-08-04 13:27 UTC] anders at ingemann dot de
-Status: Feedback +Status: Open
 [2011-08-04 13:27 UTC] anders at ingemann dot de 
The constant is not the problem.
Somehow int(7) causes an error with the openssl api. It says that this purpose id 
is not known.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Apr 23 16:01:30 2024 UTC