Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Demonstrate incorrect handling of $extracerts default value in openssl_pkcs7_sign PHP function
<?php
$dn = array(
'countryName' => 'UK',
'stateOrProvinceName' => 'Here',
'localityName' => 'There',
'organizationName' => 'PHP',
'organizationalUnitName' => 'PHPTest',
'commonName' => 'PHP Test',
'emailAddress' => 'php@example.com'
);
$password = 'password';
$certfile = 'certfile.txt';
$keyfile = 'keyfile.txt';
$pk = openssl_pkey_new();
$csr = openssl_csr_new($dn, $pk);
$cert = openssl_csr_sign($csr, null, $pk, 1);
openssl_x509_export($cert, $certout);
file_put_contents($certfile, $certout);
openssl_pkey_export($pk, $pkeyout, $password);
file_put_contents($keyfile, $pkeyout);
$signed = tempnam(sys_get_temp_dir(), 'signed');
$file = tempnam(sys_get_temp_dir(), 'mail');
file_put_contents($file, 'hello');
//This works:
$r = openssl_pkcs7_sign(
$file,
$signed,
'file://' . realpath($certfile),
array('file://' . realpath($keyfile), $password),
null,
PKCS7_DETACHED
);
//This throws a warning: "Warning: openssl_pkcs7_sign(): error opening the file"
//Only difference is the final null param (acts the same if it's a variable containing null)
$r = openssl_pkcs7_sign(
$file,
$signed,
'file://' . realpath($certfile),
array('file://' . realpath($keyfile), $password),
null,
PKCS7_DETACHED,
null
);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.