php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #74715 openssl_pkcs12_export/export_to_file $args undocumented
Submitted: 2017-06-08 17:59 UTC Modified: 2017-11-03 22:13 UTC
From: jelle at vdwaa dot nl Assigned: mjones (profile)
Status: Closed Package: OpenSSL related
PHP Version: 7.2.0alpha1 OS: Arch Linux
Private report: No CVE-ID: None
View Developer Edit
 [2017-06-08 17:59 UTC] jelle at vdwaa dot nl 
Description:
------------
openssl_pkcs12_read returns true when "garbage" is inserted in the optional extra certs. No error is logged, while an error is expected. The test can be executed in php-src's (git repo) in ext/openssl/tests/

Test script:
---------------
$p12 = "./p12_with_extra_certs.p12";
$pass = "qwerty";
openssl_pkcs12_read(file_get_contents($p12), $certs, $pass);
//var_dump($certs);
$ok = openssl_pkcs12_export($certs['cert'], $out, $certs['pkey'], $pass, array('blup'));
var_dump($ok);


Expected result:
----------------
Expect a warning to be throw about "blup" not being a valid X509 certificate.

Actual result:
--------------
bool(true)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-06-08 22:46 UTC] requinix@php.net
-Summary: openssl_pkcs12_export allows invalid extracerts +Summary: openssl_pkcs12_export/export_to_file $args undocumented -Status: Open +Status: Verified -Type: Bug +Type: Documentation Problem
 [2017-06-08 22:46 UTC] requinix@php.net 
The array is checked for "friendly_name" (cert friendly name) and "extracerts" (cert authority chain) keys, whose values are used if present. Extra keys will be ignored.

The friendly_name can be:
- A string

The extracerts can be:
- An x509 resource (eg, from openssl_x509_read)
- Anything accepted by openssl_x509_read, which is:
  * A string (or stringable object) filename prefixed with "file://"
  * A string (or stringable object) with the cert data
- Or an array of any of the above

On that note, openssl_x509_read doesn't have its $x509certdata documented either.
 [2017-11-03 22:12 UTC] mjones@php.net 
Automatic comment from SVN on behalf of mjones
Revision: http://svn.php.net/viewvc/?view=revision&revision=343361
Log: Fix bug #74715: openssl_pkcs12_export documentation
 [2017-11-03 22:13 UTC] mjones@php.net
-Status: Verified +Status: Closed -Assigned To: +Assigned To: mjones
 [2017-11-03 22:13 UTC] mjones@php.net 
documented openssl_x509_read $x509certdata
and for openssl_pkcs12_export documented that extra keys will be ignored.
commit r343361
 [2020-02-07 06:06 UTC] phpdocbot@php.net 
Automatic comment on behalf of mjones
Revision: http://git.php.net/?p=doc/en.git;a=commit;h=904d0aeccde44f12b8e87e326febc091bf3466f9
Log: Fix bug #74715: openssl_pkcs12_export documentation
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Oct 29 11:00:01 2025 UTC