PHP :: Bug #74341 :: openssl_x509_parse fails to parse ASN.1 UTCTime without seconds

Bug #74341	openssl_x509_parse fails to parse ASN.1 UTCTime without seconds
Submitted:	2017-03-30 14:14 UTC	Modified:	2017-03-30 14:44 UTC
From:	moritz at mertinkat dot net	Assigned:
Status:	Closed	Package:	OpenSSL related
PHP Version:	7.0.17	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

[2017-03-30 14:14 UTC] moritz at mertinkat dot net

Description:
------------
openssl_x509_parse fails to parse ASN.1 UTCTime without seconds, see
https://www.obj-sys.com/asn1tutorial/node15.html


Test script:
---------------
<?php

$pem_cert = '
-----BEGIN CERTIFICATE-----
MIIGFDCCBPygAwIBAgIDKCHVMA0GCSqGSIb3DQEBBQUAMIHcMQswCQYDVQQGEwJV
UzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTElMCMGA1UE
ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjE5MDcGA1UECxMwaHR0cDov
L2NlcnRpZmljYXRlcy5zdGFyZmllbGR0ZWNoLmNvbS9yZXBvc2l0b3J5MTEwLwYD
VQQDEyhTdGFyZmllbGQgU2VjdXJlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MREw
DwYDVQQFEwgxMDY4ODQzNTAcFwsxNDAxMDcwMDAwWhcNMTYwNDAxMDcwMDAwWjCB
6zETMBEGCysGAQQBgjc8AgEDEwJVUzEYMBYGCysGAQQBgjc8AgECEwdBcml6b25h
MR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjEUMBIGA1UEBRMLUi0xNzI0
NzQxLTYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpT
Y290dHNkYWxlMSQwIgYDVQQKExtTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBMTEMx
KzApBgNVBAMTInZhbGlkLnNmaS5jYXRlc3Quc3RhcmZpZWxkdGVjaC5jb20wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt1LHQOza9tkKxwGL+/yKi/Fe5
HM0sjvcM4ic1XVrvpewa4P/04IzGSjIGO3CXaSArxQMSzsTt2dcO9tSJ1Zk8c9NZ
XM8eVqx92iTMEf9OQcubWpzWmrPc3TAFhbVnfEmCptsXEgtxbAIbntrNeDk/hBPd
l4DYFYRdm3ZTk4JMIf/quDZe5Oti53J0UsxWXSSoqKyPNdb671Q+OTQfSDj7kVF4
+Ri3FIeAV16d2UnpBW1bgNqA5yITRskHE4bX98HDNHUTHioHpgA+fXfejWkGB/0F
QN4HbZcysYHhf1L5cWBtz9w5J00YmjM5fzWvTc3UUF9ou7m7JE4aqEbNOWb9AgMB
AAGjggHOMIIByjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwLQYDVR0RBCYwJIIidmFsaWQuc2ZpLmNh
dGVzdC5zdGFyZmllbGR0ZWNoLmNvbTAdBgNVHQ4EFgQUcO+QEqZcHphPW9szww9t
y+1AGmQwHwYDVR0jBBgwFoAUSUtSJ9EbvPKhIWpie1FCeorX1VYwOAYDVR0fBDEw
LzAtoCugKYYnaHR0cDovL2NybC5zdGFyZmllbGR0ZWNoLmNvbS9zZnMzLTAuY3Js
MIGNBggrBgEFBQcBAQSBgDB+MCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5zdGFy
ZmllbGR0ZWNoLmNvbS8wUAYIKwYBBQUHMAKGRGh0dHA6Ly9jZXJ0aWZpY2F0ZXMu
c3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS9zZl9pbnRlcm1lZGlhdGUuY3J0
MFIGA1UdIARLMEkwRwYLYIZIAYb9bgEHFwMwODA2BggrBgEFBQcCARYqaHR0cDov
L2NlcnRzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEB
BQUAA4IBAQAViYkLUjQkxWRmZl4DutL0/9/wJSURcJ1qunLP+TImJFp0A9RE/MNK
ZOmQoAEoH6hMg7FL4etkvTcnruTdcx+3mvqYiECUiUEx6pkx3dmkYgZACEuk2nfy
J0MkV/zwzqmI8aV+kunpOQv93aePZbrBgaAzkE8jDlExtd7c4pE7JF40jxmvDwjZ
HwpyNDULreGtFBij7JcWJCfihM3uetqrao0kOoeih1PQyJXtz2RldhFYs6Jdk3IL
Yv+84t5UMO+aS9nVBXIcbgaGjIMZjHDgR/tE9FKFB66k8UTDzAwwEs38VV24zx6h
lOzTF7xAUxmPUnNb2teatMf2Rmj0fs+d
-----END CERTIFICATE-----
';

$parsed_cert = openssl_x509_parse($pem_cert);

printf("Valid from: %s, (%d)\n", date('Y-m-d H:i:s', $parsed_cert['validFrom_time_t']), $parsed_cert['validFrom_time_t']);
printf("Valid   to: %s, (%d)\n", date('Y-m-d H:i:s', $parsed_cert['validTo_time_t']), $parsed_cert['validTo_time_t']);


Expected result:
----------------
Valid from: 2014-01-07 00:00:00, (1389052800)
Valid   to: 2016-04-01 07:00:00, (1459494000)


Actual result:
--------------
PHP Warning:  openssl_x509_parse(): unable to parse time string 1401070000Z correctly in /home/maurice/test-asn1time.php on line 41
PHP Stack trace:
PHP   1. {main}() /home/maurice/test-asn1time.php:0
PHP   2. openssl_x509_parse() /home/maurice/test-asn1time.php:41
Valid from: 1970-01-01 00:59:59, (-1)
Valid   to: 2016-04-01 09:00:00, (1459494000)

Patches

Pull Requests

Pull requests:

Fix #74341: openssl_x509_parse fails to parse ASN.1 UTCTime without seconds (php-src/2444)

History

AllCommentsChangesGit/SVN commitsRelated reports

[2017-03-30 14:44 UTC] requinix@php.net

-Status: Open +Status: Verified

[2017-03-30 14:44 UTC] requinix@php.net

They don't make it easy to find an official source but it does seem that seconds are optional in UTCTime. And the PR has the sort of changes I would expect to see.

[2017-03-30 19:24 UTC] moritz at mertinkat dot net

Added a test for the fix.

[2017-04-01 23:09 UTC] nikic@php.net

Automatic comment on behalf of moritz@mertinkat.net
Revision: http://git.php.net/?p=php-src.git;a=commit;h=46d286574bdf49d568a21283e4f7f6fb91a1480b
Log: Fixed bug #74341

[2017-04-01 23:09 UTC] nikic@php.net

-Status: Verified +Status: Closed

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 14:01:29 2024 UTC