Edit report at http://bugs.php.net/bug.php?id=52356&edit=1
ID: 52356
User updated by: p dot vanbrouwershaven at networking4all dot com
Reported by: p dot vanbrouwershaven at networking4all dot com
Summary: In memory support for openssl_pkcs7_*
-Status: Feedback
+Status: Assigned
Type: Feature/Change Request
Package: OpenSSL related
PHP Version: Irrelevant
Assigned To: pajoye

New Comment:

You can download the zipfile here:

https://docs.google.com/leaf?id=0B3a2D2VoY8NgZGEzZGIxYzQtYWFiNS00NDNkLWI2ZGQtM2Y5YjQwNjM3Yjc2&hl=en&authkey=CKeKg4cJ

Please request a free 30 day trial client certificate if you don't already have one of your own. (takes just a minute, the intermediate is already included in the zipfile)

http://www.globalsign.com/authentication-secure-email/digital-id/trial-personalsign.html

Previous Comments:
------------------------------------------------------------------------
[2010-07-16 10:45:24] [email protected]

Can you link to a zip containing what you use for this example please? May help to debug the issue you are describing while being at it.

------------------------------------------------------------------------
[2010-07-16 10:30:15] p dot vanbrouwershaven at networking4all dot com

First example, signing mail with the current PHP version. The content is located in the file unsigned.txt; strangely, this file needs to start with an empty line to get the signature recognized.

<?php
if (openssl_pkcs7_sign("unsigned.txt", "signed.txt", "file://public.cer",
    array("file://private.key", "password"),
    array("To" => "[email protected]", // keyed syntax
          "From: Me <[email protected]>", // indexed syntax
          "Subject" => "This is my subject"),
    PKCS7_DETACHED, "intermediate.cer"
)) {
    // message signed - send it!
    exec(ini_get("sendmail_path") . " < signed.txt");
}
?>

A second example that runs with this patch. Please note the linefeed "\n"; without this linefeed the signature will not be recognized.

<?php
if (openssl_pkcs7_sign("\nunsigned.txt", "signed.txt", "file://public.cer",
    array("file://private.key", "password"),
    array("To" => "[email protected]", // keyed syntax
          "From: Me <[email protected]>", // indexed syntax
          "Subject" => "This is my subject"),
    PKCS7_DETACHED, "intermediate.cer"
)) {
    // message signed - send it!
    exec(ini_get("sendmail_path") . " < signed.txt");
}
?>

Please note this proof of concept only changes the infilename and not the other files like the outfilename, signcert, privkey & extracerts.

------------------------------------------------------------------------
[2010-07-16 10:14:48] [email protected]

Thanks, will take care of them asap. Do you have some tests as well, would help to reduce the time to commit :)

------------------------------------------------------------------------
[2010-07-16 10:13:51] jille at quis dot cx

Attached patch is a proof-of-concept patch. It changes openssl_pkcs7_sign() to use the input filename as a string instead of as a filename. Paul has tested this and it seems to work.

------------------------------------------------------------------------
[2010-07-16 10:06:33] p dot vanbrouwershaven at networking4all dot com

Description:
------------
The PHP functions openssl_pkcs7_(sign|encrypt|decrypt|verify) do require files to be executed. In many cases this will create the unintended requirement of temporary files.

In comparison with openssl_(sign|encrypt|decrypt|verify|...), which do almost the same thing, this is strange behavior.

When we look at the purpose of openssl_pkcs7_* (working with digital signatures in mail), you would not expect to work with files instead of strings for so little data.

------------------------------------------------------------------------
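
The temporary-file requirement described in this report can be contained in a string-in/string-out wrapper around the file-based function. The following is an added example, not part of the original report or the attached patch; pkcs7_sign_string() is a hypothetical helper name and the self-signed certificate is constructed sample input.

```php
<?php
// Added example, not code from the bug report or from PHP itself.
// pkcs7_sign_string() is a hypothetical helper name.
function pkcs7_sign_string(string $message, string $certPem, string $keyPem,
                           string $passphrase = '', array $headers = [],
                           ?string $extraCertsFile = null): string
{
    // tempnam() creates each file with mode 0600, so other local users cannot read it.
    $in  = tempnam(sys_get_temp_dir(), 'p7i');
    $out = tempnam(sys_get_temp_dir(), 'p7o');
    try {
        if ($in === false || $out === false
            || file_put_contents($in, $message) === false) {
            throw new RuntimeException('cannot create temporary files');
        }
        // Certificate and key are passed as PEM strings; only the message,
        // the output and the extra certificates have to be files.
        $args = [$in, $out, $certPem, [$keyPem, $passphrase], $headers, PKCS7_DETACHED];
        if ($extraCertsFile !== null) {
            $args[] = $extraCertsFile;
        }
        if (!openssl_pkcs7_sign(...$args)) {
            throw new RuntimeException('signing failed: ' . openssl_error_string());
        }
        $signed = file_get_contents($out);
        if ($signed === false) {
            throw new RuntimeException('cannot read signed output');
        }
        return $signed;
    } finally {
        // Remove the plaintext and the output even when signing throws.
        foreach ([$in, $out] as $f) {
            if (is_string($f) && is_file($f)) {
                unlink($f);
            }
        }
    }
}

// Constructed sample input: a throwaway self-signed certificate and key.
$key = openssl_pkey_new(['private_key_bits' => 2048]);
$csr = openssl_csr_new(['commonName' => 'Example Signer'], $key);
$crt = openssl_csr_sign($csr, null, $key, 1);
openssl_x509_export($crt, $certPem);
openssl_pkey_export($key, $keyPem, 'password');

echo pkcs7_sign_string("Hello, signed world.\n", $certPem, $keyPem, 'password',
    ['Subject' => 'This is my subject']);
```

The message still touches disk briefly, so point sys_get_temp_dir() at a private or memory-backed directory when the content is sensitive.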
