php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #65186 openssl_csr_new allows creation from text
Submitted: 2013-07-02 18:39 UTC Modified: 2017-10-24 06:43 UTC
Votes:3
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: lynch@php.net Assigned:
Status: Open Package: OpenSSL related
PHP Version: Irrelevant OS: N/A
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: lynch@php.net
New email:
PHP Version: OS:

 

 [2013-07-02 18:39 UTC] lynch@php.net
Description:
------------
---
From manual page: http://www.php.net/function.openssl-csr-new#refsect1-function.openssl-csr-new-parameters
---

It is not documented that:

$csr_resource = openssl_csr_new(array(), file_get_contents('some.csr'));

will return a valid CSR resource.


Test script:
---------------
//Load your private key
 $private_key_resource = openssl_pkey_get_private(file_get_contents('private.pem'));

//Extract the public key
$details = openssl_pkey_get_details($private_key_resource);
$public_key_text = $details['key'];


//Load the text CSR file
$csr_text = file_get_contents('request.csr');
// UNDOCUMENTED FEATURE
$csr_resource = openssl_csr_new(array(), $csr_text);
$csr_public_key_resource = openssl_csr_get_public_key($csr_resource);
$csr_public_key_details = openssl_pkey_get_details($csr_public_key_resource);
$csr_public_key_text = $csr_public_key_details['key'];

//Prove that the CSR is valid, assuming you built it right in the first place
if ($public_key_text != $csr_public_key_text)
{
    echo "The public key doesn't match, so that's not a good CSR.\n";
}
else
{
    echo "Yay! There IS a way to create a CSR resource from text. It's just not documented.\n";
}


Expected result:
----------------
Going strictly by the docs, some kind of error message about wrong type for the CSR, since text is in no way similar to a CSR private key resource.

Actual result:
--------------
It works, thank goodness.

Because if it didn't, there is no way to convert a CSR text file to a CSR resource.


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-07-02 19:17 UTC] lynch@php.net
-Status: Open +Status: Verified -Assigned To: +Assigned To: lynch
 [2013-07-02 19:17 UTC] lynch@php.net
Hope it's kosher to just decide to fix it myself...
 [2017-10-24 05:19 UTC] kalle@php.net
-Status: Verified +Status: Assigned
 [2017-10-24 06:43 UTC] kalle@php.net
-Status: Assigned +Status: Open -Assigned To: lynch +Assigned To:
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Oct 10 14:01:27 2024 UTC