/openssl_pkcs7_sign_bug.php
Last active Aug 29, 2015
Demonstrate incorrect handling of $extracerts default value in openssl_pkcs7_sign PHP function
| <?php | |
| $dn = array( | |
| 'countryName' => 'UK', | |
| 'stateOrProvinceName' => 'Here', | |
| 'localityName' => 'There', | |
| 'organizationName' => 'PHP', | |
| 'organizationalUnitName' => 'PHPTest', | |
| 'commonName' => 'PHP Test', | |
| 'emailAddress' => 'php@example.com' | |
| ); | |
| $password = 'password'; | |
| $certfile = 'certfile.txt'; | |
| $keyfile = 'keyfile.txt'; | |
| $pk = openssl_pkey_new(); | |
| $csr = openssl_csr_new($dn, $pk); | |
| $cert = openssl_csr_sign($csr, null, $pk, 1); | |
| openssl_x509_export($cert, $certout); | |
| file_put_contents($certfile, $certout); | |
| openssl_pkey_export($pk, $pkeyout, $password); | |
| file_put_contents($keyfile, $pkeyout); | |
| $signed = tempnam(sys_get_temp_dir(), 'signed'); | |
| $file = tempnam(sys_get_temp_dir(), 'mail'); | |
| file_put_contents($file, 'hello'); | |
| //This works: | |
| $r = openssl_pkcs7_sign( | |
| $file, | |
| $signed, | |
| 'file://' . realpath($certfile), | |
| array('file://' . realpath($keyfile), $password), | |
| null, | |
| PKCS7_DETACHED | |
| ); | |
| //This throws a warning: "Warning: openssl_pkcs7_sign(): error opening the file" | |
| //Only difference is the final null param (acts the same if it's a variable containing null) | |
| $r = openssl_pkcs7_sign( | |
| $file, | |
| $signed, | |
| 'file://' . realpath($certfile), | |
| array('file://' . realpath($keyfile), $password), | |
| null, | |
| PKCS7_DETACHED, | |
| null | |
| ); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment