Bug #55362 X509_PURPOSE_ANY is not recognized by openssl
Submitted: 2011-08-04 12:14 UTC
Modified: 2011-08-04 13:27 UTC
Votes: 2
Avg. Score: 4.0 ± 1.0
Reproduced: 2 of 2 (100.0%)
Same Version: 1 (50.0%)
Same OS: 1 (50.0%)
From: anders at ingemann dot de
Assigned:
Status: Open
Package: OpenSSL related
PHP Version: 5.3.6
OS: Windows 7
Private report: No
CVE-ID: None
 [2011-08-04 12:14 UTC] anders at ingemann dot de
Description:
------------
On http://www.php.net/manual/en/function.openssl-x509-checkpurpose.php the purpose 
check X509_PURPOSE_ANY is mentioned and the constant is defined as well.
openssl_x509_checkpurpose() however reports "error:0B086079:x509 certificate 
routines:X509_STORE_CTX_purpose_inherit:unknown purpose id".
Checking up in the documentation I can see that this purpose is not supported 
(http://www.openssl.org/docs/apps/verify.html#COMMAND_OPTIONS). This constant 
should be removed, and a note should be put in the documentation, specifying that 
this is not supported.

Test script:
---------------
// $x509cert must hold a valid X.509 certificate
openssl_x509_checkpurpose($x509cert, X509_PURPOSE_ANY);
// print everything OpenSSL left in its error queue
while ($error = openssl_error_string()) echo $error . "\n";

Expected result:
----------------
With a valid certificate openssl_x509_checkpurpose($cert, X509_PURPOSE_ANY) 
returns true.

Actual result:
--------------
With a valid certificate openssl_x509_checkpurpose($cert, X509_PURPOSE_ANY) 
returns false.

 [2011-08-04 12:23 UTC] anders at ingemann dot de
-Summary: X509_PURPOSE_ANY is not supported +Summary: X509_PURPOSE_ANY is not recognized by openssl
 [2011-08-04 12:23 UTC] anders at ingemann dot de
I just found out that the "any" purpose IS actually supported, but it is simply 
not documented. It seems the constant is somehow referring to a wrong value.
 [2011-08-04 12:40 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2011-08-04 12:40 UTC] pajoye@php.net
c:\test\php536nts>php -n -d extension_dir=ext -d extension=php_openssl.dll -r 
"print_r(get_defined_constants());" | FIND "X509"
    [X509_PURPOSE_SSL_CLIENT] => 1
    [X509_PURPOSE_SSL_SERVER] => 2
    [X509_PURPOSE_NS_SSL_SERVER] => 3
    [X509_PURPOSE_SMIME_SIGN] => 4
    [X509_PURPOSE_SMIME_ENCRYPT] => 5
    [X509_PURPOSE_CRL_SIGN] => 6
    [X509_PURPOSE_ANY] => 7


and from the x509v3.h:
#define X509_PURPOSE_ANY     7

What do you mean then?
 [2011-08-04 13:27 UTC] anders at ingemann dot de
-Status: Feedback +Status: Open
 [2011-08-04 13:27 UTC] anders at ingemann dot de
The constant is not the problem.
Somehow int(7) causes an error with the openssl api. It says that this purpose id 
is not known.
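
An added diagnostic sketch (not part of the report and not the PHP project's code) for telling apart the two outcomes discussed in this thread: a check that returns false with an empty error queue, and one that leaves "unknown purpose id" in the OpenSSL error queue. It assumes PHP 7 or later with the openssl extension and a usable openssl.cnf; the certificate name purpose-test.invalid and the helper function names are made up for the example.

```php
<?php
// Added diagnostic example; not code from the bug report or from PHP itself.

// Build a throwaway self-signed certificate (constructed test input).
function make_self_signed_pem(): string
{
    $key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
    if ($key === false) {
        throw new RuntimeException('openssl_pkey_new failed; check openssl.cnf');
    }
    $csr  = openssl_csr_new(['commonName' => 'purpose-test.invalid'], $key, ['digest_alg' => 'sha256']);
    $cert = $csr ? openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']) : false;
    if ($cert === false || !openssl_x509_export($cert, $pem)) {
        throw new RuntimeException('could not create the test certificate');
    }
    return $pem;
}

// Empty the OpenSSL error queue and return what was in it.
function drain_openssl_errors(): array
{
    $errors = [];
    while (($e = openssl_error_string()) !== false) {
        $errors[] = $e;
    }
    return $errors;
}

// Run every X509_PURPOSE_* check, keeping the return value and queued errors apart.
function check_all_purposes(string $pem): array
{
    $caFile = tempnam(sys_get_temp_dir(), 'ca_');
    file_put_contents($caFile, $pem); // trust the certificate as its own CA
    $report = [];
    foreach (get_defined_constants(true)['openssl'] as $name => $id) {
        if (strpos($name, 'X509_PURPOSE_') !== 0) {
            continue;
        }
        drain_openssl_errors(); // discard errors left by earlier calls
        $result = openssl_x509_checkpurpose($pem, $id, [$caFile]);
        $report[$name] = ['id' => $id, 'result' => $result, 'errors' => drain_openssl_errors()];
    }
    unlink($caFile);
    return $report;
}

foreach (check_all_purposes(make_self_signed_pem()) as $name => $row) {
    printf("%-28s id=%d result=%s\n", $name, $row['id'], var_export($row['result'], true));
    foreach ($row['errors'] as $e) {
        echo "    $e\n";
    }
}
```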
 
Last updated: Wed Oct 23 07:01:29 2019 UTC