|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #64802 openssl_x509_parse fails to parse subject properly in some cases
Submitted: 2013-05-09 16:49 UTC Modified: 2015-03-04 15:12 UTC
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: mark at zedwood dot com Assigned: rdlowrey (profile)
Status: Closed Package: OpenSSL related
PHP Version: 5.4.15 OS: Ubuntu Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: mark at zedwood dot com
New email:
PHP Version: OS:


 [2013-05-09 16:49 UTC] mark at zedwood dot com
When the subject of the certificate has multiple CN (common name) values in the subject, openssl_x509_parse seems to work, but in this case it fails to parse the rest of the subject as well as additional CN values.

Here is the subject of the cert triggering the failure
cat cert.pem |openssl x509 -noout -text |grep Subject:
Subject:,,,, Organization, C=US/postalCode=94103, ST=CA, L=San Francisco/street=1550 Bryant st, O=Rdio, Inc., OU=COMODO EV Multi-Domain SSL,

The cert.pem I used can be found in the embedded php script:

Test script:

Expected result:
    [CN] => Array(
        [0] =>
        [1] =>
        [2] =>
        [3] =>
        [4] =>
        [5] =>
    [OU] => COMODO EV Multi-Domain SSL
    [O] => Rdio, Inc
    [street] => 1550 Bryant st
    [L] => San Francisco
    [ST] => CA
    [postalCode] => 94103
    [C] => US
    [businessCategory] => Private Organization
    [] => Delaware
    [] => US
    [serialNumber] => 4586007

Actual result:
    [CN] => Array
            [0] =>
            [1] =>
            [2] =>
            [3] =>
            [4] =>
            [5] =>


openssl_x509_parse_bug_fix (last revision 2013-08-09 16:25 UTC by mark at zedwood dot com)
openssl_parse_patch (last revision 2013-08-06 23:16 UTC by mark at zedwood dot com)

Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2013-05-15 15:45 UTC] zelnaga at gmail dot com
As a workaround until PHP fixes this issue you can use phpseclib, a pure PHP 
X.509 implementation. eg.


$x509 = new File_X509();
$cert = $x509->loadX509('...'); // see google.crt


getSubjectDN takes an optional $format parameter that can be one of the 

FILE_X509_DN_ARRAY (this is the default value)
 [2013-08-09 16:26 UTC] mark at zedwood dot com
There was a bug in the last patch I submitted.  I replaced it with a new patch, everything should be good now.  It was a patch to php 5.5.1
 [2013-10-28 16:37 UTC] mark at zedwood dot com
-Status: Open +Status: Assigned
 [2013-10-28 16:37 UTC] mark at zedwood dot com
closing, the bugfix/patch was accepted into 
PHP 5.5.4 and  PHP 5.4.20
both released on 19-Sep-2013
 [2015-03-04 15:12 UTC]
-Status: Assigned +Status: Closed -Assigned To: +Assigned To: rdlowrey
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Wed Dec 06 14:01:27 2023 UTC