#45076 [Opn->Fbk]: openssl_csr_new() puts extraattribs in wrong place of CSR

Fri, 21 Nov 2008 08:32:52 -0800 

 ID:               45076
 Updated by:       [EMAIL PROTECTED]
 Reported By:      imm at reasoningmind dot org
-Status:           Open
+Status:           Feedback
 Bug Type:         OpenSSL related
 Operating System: Linux
 PHP Version:      5.2.6
 New Comment:

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.




Previous Comments:
------------------------------------------------------------------------

[2008-05-23 06:39:04] imm at reasoningmind dot org

Description:
------------
I'm trying to add extra attributes to CSR and I expect them in
Attributes section. This is req_attributes section of openssl config.
But function allways puts them into the Subject.
IMHO, this is not right becausee subject defined in first argument and
because there is no way to add extra attributes.


Reproduce code:
---------------
$csr = openssl_csr_new(
    $this->dn,
    $this->pkey_bin,
    array(
        "digest_alg" => "sha1",
        "private_key_bits" => 2048,
        "req_extensions" => "v3_req",
        "x509_extensions" => "usr_cert",
    );
    array(
        'challengePassword' => 'passwd',
        'principalName' => 'DER:65726e6573744077696e2e6365726e2e6368',
    )
);


Expected result:
----------------
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=US, ST=Texas, L=Houston, O=Example Inc, OU=RMStuff,
CN=Test User/[EMAIL PROTECTED]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:cc:15:67:32:6a:2b:ad:5e:71:e6:48:22:f9:76:
                    <...skip...>
                    eb:5e:9e:e0:1b:13:b0:93:cf:d5:02:c2:6d:f2:1e:
                    e2:83
                Exponent: 65537 (0x10001)
        Attributes:
            chalengePassword  passwd
            principalName :DER:65726e6573744077696e2e6365726e2e6368
        Requested Extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage: 
                clientAuthentication, smartCardLogon


Actual result:
--------------
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=US, ST=Texas, L=Houston, O=Example Inc, OU=RMStuff,
CN=Test
User/[EMAIL 
PROTECTED]/challengePassword=passwd/principalName=DER:65726e6573744077696e2e6365726e2e6368
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:cc:15:67:32:6a:2b:ad:5e:71:e6:48:22:f9:76:
                    <...skip...>
                    eb:5e:9e:e0:1b:13:b0:93:cf:d5:02:c2:6d:f2:1e:
                    e2:83
                Exponent: 65537 (0x10001)
        Attributes:
        Requested Extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage: 
                clientAuthentication, smartCardLogon



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=45076&edit=1

Reply via email to