Edit report at http://bugs.php.net/bug.php?id=40046&edit=1

 ID:          40046
 Comment by:  pm at datasphere dot ch
 Reported by: mbechler at eenterphace dot org
 Summary:     OpenSSL CRL generation support
 Status:      Assigned
 Type:        Feature/Change Request
 Package:     Feature/Change Request
 PHP Version: 5.2.1RC2
 Assigned To: pajoye

 New Comment:

I'm also very interested in having this feature supported in the PHP
standards. Can I expect to see it available soon?


Previous Comments:
------------------------------------------------------------------------
[2010-02-15 09:07:32] cnyegle at gmail dot com

Will the patch be merged into PHP? It's two years after the last
modification of this issue.

------------------------------------------------------------------------
[2007-09-23 19:51:19] [email protected]

From Moritz Bechler:

It took some time - but I now managed to put together some test cases
(which hopefully can also serve as examples). I noticed that the current
"openssl_x509_checkpurpose" function does not allow for passing
verification flags so I introduced a new function "openssl_x509_check"
(verify might be better but might cause confusion with openssl_verify)
which does pretty much the same thing but takes a flags parameter which
can be used to enable CRL checking and some other checking features
which I did not test yet. I chose to add a new function because a)
adding the argument to the end forces passing two (one unused in most
cases) optional arguments b) _checkpurpose is a bit too specific. I hope
that approach is okay.

The updated patch is at
http://mbechler.eenterphace.org/php6-openssl-crl.patch
and the phpt and required data (needs a small CA, included files are
valid for 5 years) at
http://mbechler.eenterphace.org/php6-openssl-crl-tests.tar.bz2

I noted my test fails (even for ASCII filenames) when run in unicode
mode which is a result of this check in php_openssl_x509_from_zval:

    if (!(Z_TYPE_PP(val) == IS_STRING || Z_TYPE_PP(val) == IS_OBJECT)) {
        return NULL;
    }

Maybe I'll find some time to have a look at proper filesystem encoding
conversions for ext/openssl.

------------------------------------------------------------------------
[2007-08-03 11:37:24] [email protected]

Add the note here too :)

Please provide some test cases as well, including the required data (if
any).

------------------------------------------------------------------------
[2007-01-07 02:47:19] mbechler at eenterphace dot org

Ok, finally found the bug - new patch is here:

http://mbechler.eenterphace.org/ext-openssl-crl.patch

------------------------------------------------------------------------
[2007-01-07 02:26:36] mbechler at eenterhace dot org

When trying to use the functionality in a real world scenario I noticed
problems with this patch. My FastCGI processes are throwing errors like
this: "*** corrupted double-linked list: 0x08a135f0 ***", while it is
working nicely when run from the command line. I could not get any helpful
information yet by debugging, but this one is definitely not ready for
inclusion. I'm trying to figure out what's wrong, but I am thankful for
any help provided.

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    http://bugs.php.net/bug.php?id=40046

