Edit report at http://bugs.php.net/bug.php?id=52356&edit=1
ID: 52356
User updated by: p dot vanbrouwershaven at networking4all dot com
Reported by: p dot vanbrouwershaven at networking4all dot com
Summary: In memory support for openssl_pkcs7_*
-Status: Feedback
+Status: Assigned
Type: Feature/Change Request
Package: OpenSSL related
PHP Version: Irrelevant
Assigned To: pajoye
New Comment:
First example: signing mail with the current PHP version. The content is located in the file unsigned.txt; strangely, this file needs to start with an empty line to get the signature recognized.
<?php
if (openssl_pkcs7_sign("unsigned.txt", "signed.txt",
"file://public.cer",
array("file://private.key", "password"),
array("To" => "[email protected]", // keyed syntax
"From: Me <[email protected]>", // indexed syntax
"Subject" => "This is my subject"),
PKCS7_DETACHED,
"intermediate.cer"
)) {
// message signed - send it!
exec(ini_get("sendmail_path") . " < signed.txt");
}
?>
A second example that runs with this patch. Please note the linefeed "\n"; without this linefeed the signature will not be recognized.
<?php
if (openssl_pkcs7_sign("\nunsigned.txt", "signed.txt",
"file://public.cer",
array("file://private.key", "password"),
array("To" => "[email protected]", // keyed syntax
"From: Me <[email protected]>", // indexed syntax
"Subject" => "This is my subject"),
PKCS7_DETACHED,
"intermediate.cer"
)) {
// message signed - send it!
exec(ini_get("sendmail_path") . " < signed.txt");
}
?>
Please note that this proof of concept only changes the infilename and not the other files like the outfilename, signcert, privkey & extracerts.
Previous Comments:
------------------------------------------------------------------------
[2010-07-16 10:14:48] [email protected]
Thanks, will take care of them asap. Do you have some tests as well,
would help to reduce the time to commit :)
------------------------------------------------------------------------
[2010-07-16 10:13:51] jille at quis dot cx
Attached patch is a proof-of-concept patch. It changes
openssl_pkcs7_sign() to use the input filename as a string instead of as
a filename. Paul has tested this and it seems to work.
------------------------------------------------------------------------
[2010-07-16 10:06:33] p dot vanbrouwershaven at networking4all dot com
Description:
------------
The PHP functions openssl_pkcs7_(sign|encrypt|decrypt|verify) require files in order to be executed. In many cases this creates the unintended requirement of temporary files. Compared with openssl_(sign|encrypt|decrypt|verify|...), which do almost the same thing, this is strange behavior.
When we look at the purpose of openssl_pkcs7_* (working with digital signatures in mail), you would not expect to work with files instead of strings for so little data.
------------------------------------------------------------------------
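The temporary-file requirement described in this report can be contained behind a string-in, string-out wrapper that keeps the files private and always deletes them. The PHP below is an added example, not code from the report or its patch; the helper name pkcs7_sign_string(), the example.test addresses and the throwaway key and certificate are assumptions constructed for illustration.

```php
<?php
// Added example. pkcs7_sign_string() is a hypothetical helper, not a PHP function.
function pkcs7_sign_string(string $message, $cert, $key, array $headers = []): string
{
    $in = $out = false;
    try {
        // tempnam() creates each file with mode 0600 and a unique name.
        $in  = tempnam(sys_get_temp_dir(), 'p7i');
        $out = tempnam(sys_get_temp_dir(), 'p7o');
        if ($in === false || $out === false) {
            throw new RuntimeException('cannot create temporary files');
        }
        if (file_put_contents($in, $message) === false) {
            throw new RuntimeException('cannot write message');
        }
        if (!openssl_pkcs7_sign($in, $out, $cert, $key, $headers, PKCS7_DETACHED)) {
            throw new RuntimeException('signing failed: ' . openssl_error_string());
        }
        $signed = file_get_contents($out);
        if ($signed === false) {
            throw new RuntimeException('cannot read signed message');
        }
        return $signed;
    } finally {
        // Remove both copies from disk even when signing throws.
        foreach ([$in, $out] as $path) {
            if (is_string($path) && is_file($path)) {
                unlink($path);
            }
        }
    }
}

// Constructed sample input: throwaway RSA key and self-signed certificate.
$key  = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$csr  = openssl_csr_new(['commonName' => 'sender.example.test'], $key, ['digest_alg' => 'sha256']);
$cert = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']);

// Constructed message; the leading blank line follows the report's observation.
$headers = ['To' => 'rcpt@example.test', 'Subject' => 'Signed test'];
echo pkcs7_sign_string("\nHello from memory.\n", $cert, $key, $headers);
```

The signed message is returned as a string, so it can be handed to a mail library directly instead of being redirected into a shell command.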