|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #74715 openssl_pkcs12_export/export_to_file $args undocumented
Submitted: 2017-06-08 17:59 UTC Modified: 2017-11-03 22:13 UTC
From: jelle at vdwaa dot nl Assigned: mjones (profile)
Status: Closed Package: OpenSSL related
PHP Version: 7.2.0alpha1 OS: Arch Linux
Private report: No CVE-ID: None
 [2017-06-08 17:59 UTC] jelle at vdwaa dot nl
openssl_pkcs12_read returns true when "garbage" is inserted in the optional extra certs. No error is logged, while an error is expected. The test can be executed in php-src's (git repo) in ext/openssl/tests/

Test script:
$p12 = "./p12_with_extra_certs.p12";
$pass = "qwerty";
openssl_pkcs12_read(file_get_contents($p12), $certs, $pass);
$ok = openssl_pkcs12_export($certs['cert'], $out, $certs['pkey'], $pass, array('blup'));

Expected result:
Expect a warning to be throw about "blup" not being a valid X509 certificate.

Actual result:


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-06-08 22:46 UTC]
-Summary: openssl_pkcs12_export allows invalid extracerts +Summary: openssl_pkcs12_export/export_to_file $args undocumented -Status: Open +Status: Verified -Type: Bug +Type: Documentation Problem
 [2017-06-08 22:46 UTC]
The array is checked for "friendly_name" (cert friendly name) and "extracerts" (cert authority chain) keys, whose values are used if present. Extra keys will be ignored.

The friendly_name can be:
- A string

The extracerts can be:
- An x509 resource (eg, from openssl_x509_read)
- Anything accepted by openssl_x509_read, which is:
  * A string (or stringable object) filename prefixed with "file://"
  * A string (or stringable object) with the cert data
- Or an array of any of the above

On that note, openssl_x509_read doesn't have its $x509certdata documented either.
 [2017-11-03 22:12 UTC]
Automatic comment from SVN on behalf of mjones
Log: Fix bug #74715: openssl_pkcs12_export documentation
 [2017-11-03 22:13 UTC]
-Status: Verified +Status: Closed -Assigned To: +Assigned To: mjones
 [2017-11-03 22:13 UTC]
documented openssl_x509_read $x509certdata
and for openssl_pkcs12_export documented that extra keys will be ignored.
commit r343361
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Thu Jul 19 09:01:25 2018 UTC