php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #77411 openssl_x509_parse serialNumber not always integer with OpenSSL version 1.1
Submitted: 2019-01-05 00:29 UTC Modified: 2021-01-19 14:22 UTC
Votes:6
Avg. Score:3.8 ± 0.7
Reproduced:6 of 6 (100.0%)
Same Version:3 (50.0%)
Same OS:0 (0.0%)
From: korikulum at net dot hr Assigned:
Status: Open Package: OpenSSL related
PHP Version: Irrelevant OS: Ubuntu 14.04
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: korikulum at net dot hr
New email:
PHP Version: OS:

 

 [2019-01-05 00:29 UTC] korikulum at net dot hr 
Description:
------------
With OpenSSL version 1.0 "openssl_x509_parse" would always return "serialNumber" as a string representation of an integer value, while "serialNumberHex" would be a string representation of a hexadecimal number.

This changes when using OpenSSL version 1.1. With OpenSSL version 1.1 the value of "serialNumber" is sometimes (not always) returned as a string representation of a hexadecimal number instead of an integer.

This is due to the following changes in OpenSSL: https://github.com/openssl/openssl/commit/10a3195fcf7d04ba519651cf12e945a8fe470a3c

Expected result:
----------------
  ["serialNumber"]=>
  string(39) "269913321572441498538983276629377170905"
  ["serialNumberHex"]=>
  string(32) "CB0F6A32FD527F6C0001000056603DD9"

Actual result:
--------------
  ["serialNumber"]=>
  string(34) "0xCB0F6A32FD527F6C0001000056603DD9"
  ["serialNumberHex"]=>
  string(32) "CB0F6A32FD527F6C0001000056603DD9"

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-01-19 14:22 UTC] cmb@php.net 
Given that the docs[1] state:

| The structure of the returned data is (deliberately) not yet
| documented, as it is still subject to change.

I wouldn't call that a bug, and it might be best to drop the
"serialNumber" altogether.

[1] <https://www.php.net/manual/en/function.openssl-x509-parse.php>
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 18:01:28 2024 UTC